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(57)Abstract: 

PROBLEM TO BE SOLVED: To prevent Information from 
leaking to an authentication delegate server which acts for 
authentication. 

SOLUTION: The authentication delegate server S distributes an 
open key for ciphering of service providers SP-A and SP-B 
made to correspond to desirable service to a client 0 and 
transfers ciphered information received from the client C to the 
providers SP-A and SP-B when the service is provided. The 
client C ciphers the information to be sent to the providers SP-A 
and SP-B by using the open key for ciphering received from an 
authentication delegate server S and sends the ciphered 
information to the authentication delegate server S. The 
providers SP-A and SP-B decipher the ciphered information 




received from the authentication delegate server S by using a 
secret key for ciphering. 
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* NOTICES * 

JPO and INPIT are not responsible for any 
damages caused by the use of this translation. 

1 .This document has been translated by computer. So the translation may not reflect the 
original precisely. 

2.**** shows the word which can not be translated. 
3. In the drawings, any words are not translated. 



CLAIMS 



[Claim(s)] 

[Claim 1] In the authentication vicarious execution approach that the authentication 
vicarious execution server equipment formed between the service provider equipment 
which offers service, and the client equipment which receives service provision receives 
authentication from said service provider equipment instead of said client equipment At 
the time of service provision The procedure which delivers the public key for codes of 
said service provider equipment corresponding to desired service from said authentication 
vicarious execution server equipment to said client equipment. The procedure of 
enciphering using the public key for codes which received the information which should 
be transmitted to said service provider equipment in said client equipment from said 
authentication vicarious execution server equipment, and transmitting this enciphered 
information to said authentication vicarious execution server equipment. The procedure 
of transmitting the enciphered information which was received from said client 
equipment to said service provider equipment from said authentication vicarious 
execution server equipment. It has the procedure which decrypts the enciphered 
information which was received from said authentication vicarious execution server 
equipment in said service provider equipment using the private key for codes. The 
authentication vicarious execution approach characterized by performing information 
transfer from client equipment to service provider equipment, without revealing to 
authentication vicarious execution server equipment. 

[Claim 2] In the authentication vicarious execution approach that the authentication 
vicarious execution server equipment formed between the service provider equipment 
which offers service, and the client equipment which receives service provision receives 
authentication from said service provider equipment instead of said client equipment At 
the time of service provision The procedure which delivers the public key for codes of 
said client equipment from said authentication vicarious execution server equipment to 
said service provider equipment corresponding to desired service. The procedure of 
enciphering using the public key for codes which received the information which should 
be transmitted to said client equipment in said service provider equipment from said 
authentication vicarious execution server equipment, and transmitting this enciphered 
information to said authentication vicarious execution server equipment. The procedure 
of transmitting the enciphered information which was received from said service provider 
equipment to said client equipment from said authentication vicarious execution server 
equipment. It has the procedure which decrypts the enciphered information which was 
received from said authentication vicarious execution server equipment in said client 
equipment using the private key for codes. The authentication vicarious execution 
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approach characterized by performing information transfer from service provider 
equipment to client equipment, without revealing to authentication vicarious execution 
server equipment. 

[Claim 3] In the authentication vicarious execution approach that the authentication 
vicarious execution server equipment formed between the service provider equipment 
which offers service, and the client equipment which receives service provision receives 
authentication from said service provider equipment instead of said client equipment At 
the time of service provision The procedure which delivers the public key for codes of 
said service provider equipment corresponding to desired service from said authentication 
vicarious execution server equipment to said client equipment. The data which become in 
said client equipment the session key for cryptocommunication between said service 
provider equipment or the origin of this session key are generated. The procedure of 
enciphering using the public key for codes which received said session key or data from 
said authentication vicarious execution server equipment, and transmitting this 
enciphered information to said authentication vicarious execution server equipment. The 
procedure of transmitting the enciphered information which was received from said client 
equipment to said service provider equipment from said authentication vicarious 
execution server equipment. Decrypt the enciphered information which was received 
from said authentication vicarious execution server equipment in said service provider 
equipment using the private key for codes, and said session key is acquired. Or said data 
are acquired by the decryption using the private key for codes. The procedure which 
generates said session key, and the information which should be transmitted in said client 
equipment or said service provider equipment are enciphered using said session key from 
this data. The procedure of transmitting this enciphered information to said authentication 
vicarious execution server equipment. The procedure of transmitting the information 
enciphered using said session key from said authentication vicarious execution server 
equipment to said service provider equipment or said client equipment. It has the 
procedure decrypted using said session key to which self has the information enciphered 
using said session key in said service provider equipment or said client equipment. The 
authentication vicarious execution approach characterized by performing bidirectional 
information transfer between client equipment and service provider equipment, without 
revealing to authentication vicarious execution server equipment. 
[Claim 4] The procedure which delivers the public key certificate for codes with said 
public key for codes in the authentication vicarious execution approach according to 
claim 1 or 3 in case said public key for codes is delivered from said authentication 
vicarious execution server equipment to said client equipment. The authentication 
vicarious execution approach characterized by having the procedure of verifying said 
public key for codes based on the public key certificate for codes received from said 
authentication vicarious execution server equipment before performing encryption using 
said public key for codes in said client equipment. 

[Claim 5] In the authentication vicarious execution approach according to claim 1 or 3, in 
case it enciphers in said client equipment The procedure of enciphering the authentication 
information on this client equipment using said public key for codes, and transmitting this 
enciphered information to said authentication vicarious execution server equipment. In 
case it decrypts in said service provider equipment, decrypt the enciphered information 
which was received from said authentication vicarious execution server equipment using 



2 



Machine Translation of Japanese Publication No. 2001-134534 



the private key for codes, and said authentication information is acquired. The 
authentication vicarious execution approach characterized by having the procedure which 
attests said client equipment based on this authentication information. 
[Claim 6] The service provider equipment which offers service, and the client equipment 
which was connected with said service provider equipment and which receives service 
provision. It consists of authentication vicarious execution server equipment formed 
between said service provider equipment and client equipment. In the authentication 
vicarious execution service system with which said authentication vicarious execution 
server equipment receives authentication from said service provider equipment instead of 
said client equipment said authentication vicarious execution server equipment The 
public key for codes of said service provider equipment corresponding to desired service 
is delivered to said client equipment at the time of service provision. It has a means to 
transmit the enciphered information which was received from said client equipment to 
said service provider equipment. Said client equipment It enciphers using the public key 
for codes which received the information which should be transmitted to said service 
provider equipment from said authentication vicarious execution server equipment. It has 
a means to transmit this enciphered information to said authentication vicarious execution 
server equipment. Said service provider equipment The authentication vicarious 
execution service system characterized by performing information transfer from client 
equipment to service provider equipment, without having a means to decrypt the 
enciphered information which was received from said authentication vicarious execution 
server equipment using the private key for codes, and revealing to authentication 
vicarious execution server equipment. 

[Claim 7] The service provider equipment which offers service, and the client equipment 
which was connected with said service provider equipment and which receives service 
provision. It consists of authentication vicarious execution server equipment formed 
between said service provider equipment and client equipment. In the authentication 
vicarious execution service system with which said authentication vicarious execution 
server equipment receives authentication from said service provider equipment instead of 
said client equipment said authentication vicarious execution server equipment As 
opposed to said service provider equipment corresponding to desired service the time of 
service provision Deliver the public key for codes of said client equipment, and it has a 
means to transmit the enciphered information which was received from said service 
provider equipment to said client equipment. Said service provider equipment is 
enciphered using the public key for codes which received the information which should 
be transmitted to said client equipment from said authentication vicarious execution 
server equipment. It has a means to transmit this enciphered information to said 
authentication vicarious execution server equipment. Said client equipment The 
authentication vicarious execution service system characterized by performing 
information transfer from service provider equipment to client equipment, without having 
a means to decrypt the enciphered information which was received from said 
authentication vicarious execution server equipment using the private key for codes, and 
revealing to authentication vicarious execution server equipment. 

[Claim 8] The service provider equipment which offers service, and the client equipment 
which was connected with said service provider equipment and which receives service 
provision. It consists of authentication vicarious execution server equipment formed 
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between said service provider equipment and client equipment. In the authentication 
vicarious execution service system with which said authentication vicarious execution 
server equipment receives authentication from said service provider equipment instead of 
said client equipment said authentication vicarious execution server equipment The 
public key for codes of said service provider equipment corresponding to desired service 
is delivered to said client equipment at the time of service provision. The enciphered 
information which was received from said client equipment is transmitted to said service 
provider equipment. It has a means to transmit the enciphered information which was 
received from said service provider equipment to said client equipment. Said client 
equipment The data which become the session key for cryptocommunication between 
said service provider equipment or the origin of this session key are generated. It 
enciphers using the public key for codes which received said session key or data from 
said authentication vicarious execution server equipment. After transmitting this 
enciphered information to said authentication vicarious execution server equipment, the 
information which should be transmitted to said service provider equipment is enciphered 
using said session key. It has a means to transmit this enciphered information to said 
authentication vicarious execution server equipment. Said service provider equipment 
Decrypt the enciphered information which was received from said authentication 
vicarious execution server equipment using the private key for codes, and acquire said 
session key, or said data are acquired by the decryption using the private key for codes. 
After generating said session key from this data, the information which should be 
transmitted to said client equipment is enciphered using said session key. The 
authentication vicarious execution service system characterized by performing 
bidirectional information transfer between client equipment and service provider 
equipment, without having a means to transmit this enciphered information to said 
authentication vicarious execution server equipment, and revealing to authentication 
vicarious execution server equipment. 

[Claim 9] In an authentication vicarious execution service system according to claim 6 or 
8 said authentication vicarious execution server equipment In case said public key for 
codes is delivered to said client equipment, it has a means to deliver the public key 
certificate for codes with said public key for codes. Said client equipment The 
authentication vicarious execution service system characterized by having a means to 
verify said public key for codes based on the public key certificate for codes received 
from said authentication vicarious execution server equipment before performing 
encryption using said public key for codes. 

[Claim 10] In an authentication vicarious execution service system according to claim 6 
or 8 said client equipment In case said encryption is performed, use said public key for 
codes and the authentication information on self-equipment is enciphered. It has a means 
to transmit this enciphered information to said authentication vicarious execution server 
equipment. Said service provider equipment The authentication vicarious execution 
service system characterized by having the means which decrypts the enciphered 
information which was received from said authentication vicarious execution server 
equipment using the private key for codes, acquires said authentication information, and 
attests said client equipment based on this authentication information in case said 
decryption is performed. 

[Claim 11] In the authentication vicarious execution server equipment which is formed 
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between the service provider equipment which offers service, and the client equipment 
which receives service provision, and receives authentication from said service provider 
equipment instead of said client equipment Said authentication vicarious execution server 
equipment delivers the public key for codes of said service provider equipment 
corresponding to desired service to said client equipment at the time of service provision. 
Authentication vicarious execution server equipment characterized by having a means to 
transmit said enciphered information to said service provider equipment in order to make 
the decryption using the reception from said client equipment, and the private key for 
codes of the information enciphered using this public key for codes perform. 
[Claim 12] In the authentication vicarious execution server equipment which is formed 
between the service provider equipment which offers service, and the client equipment 
which receives service provision, and receives authentication from said service provider 
equipment instead of said client equipment As opposed to said service provider 
equipment corresponding to [ the time of service provision ] desired service in said 
authentication vicarious execution server equipment The information which delivered the 
public key for codes of said client equipment, and was enciphered using this public key 
for codes From said service provider equipment to reception Authentication vicarious 
execution server equipment characterized by having a means to transmit said enciphered 
information to said client equipment in order to make the decryption using the private key 
for codes perform. 

[Claim 13] In the authentication vicarious execution server equipment which is formed 
between the service provider equipment which offers service, and the client equipment 
which receives service provision, and receives authentication from said service provider 
equipment instead of said client equipment Said authentication vicarious execution server 
equipment delivers the public key for codes of said service provider equipment 
corresponding to desired service to said client equipment at the time of service provision. 
The data which become the session key for cryptocommunication enciphered using this 
public key for codes, or the origin of this session key From said client equipment to 
reception After transmitting said enciphered session key or data to said service provider 
equipment in order to make the decryption using the private key for codes perform. 
While transmitting the information from said client equipment enciphered using said 
session key to said service provider equipment Authentication vicarious execution server 
equipment characterized by having a means to transmit the information from said service 
provider equipment enciphered using said session key to said client equipment. 
[Claim 14] It is authentication vicarious execution server equipment characterized by 
having a means to deliver the public key certificate for codes to said client equipment 
with said public key for codes so that said authentication vicarious execution server 
equipment may make said public key for codes verify to said client equipment in 
authentication vicarious execution server equipment according to claim 11 or 13. 
[Claim 15] Between the service provider equipment which offers service, and the client 
equipment which receives service provision It is said client equipment in the 
authentication vicarious execution service system with which the formed authentication 
vicarious execution server equipment receives authentication from said service provider 
equipment instead of said client equipment. While consisting of an IC card equipped with 
a signature generation means to generate the signature for receiving client authentication 
from said authentication vicarious execution server equipment An encryption means to 
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encipher the information which should be transmitted to said service provider equipment 
using the public key for codes, The signature generated with said IC card is transmitted to 
said authentication vicarious execution server equipment. Client equipment characterized 
by consisting of a processor equipped with a transceiver means to transmit the 
information which received the public key for codes transmitted from said authentication 
vicarious execution server equipment, outputted to said encryption means, and was 
enciphered by said encryption means to said authentication vicarious execution server 
equipment. 

[Claim 16] Between the service provider equipment which offers service, and the client 
equipment which receives service provision It is said client equipment in the 
authentication vicarious execution service system with which the formed authentication 
vicarious execution server equipment receives authentication from said service provider 
equipment instead of said client equipment. A signature generation means to generate the 
signature for receiving client authentication from said authentication vicarious execution 
server equipment. While consisting of an IC card equipped with an encryption means to 
encipher the information which should be transmitted to said service provider equipment 
using the public key for codes The signature generated with said IC card is transmitted to 
said authentication vicarious execution server equipment. Client equipment characterized 
by consisting of a processor equipped with a transceiver means to transmit the 
information which received the public key for codes transmitted from said authentication 
vicarious execution server equipment, outputted to said IC card, and was enciphered with 
said IC card to said authentication vicarious execution server equipment. 



DETAILED DESCRIPTION 



[Detailed Description of the Invention] 
[0001] 

[Field of the Invention] This invention relates to the authentication vicarious execution 
approach that the authentication vicarious execution server equipment formed between 
service provider equipment and client equipment receives authentication from service 
provider equipment instead of client equipment, an authentication vicarious execution 
service system, authentication vicarious execution server equipment, and client 
equipment. 
[0002] 

[Description of the Prior Art] Conventionally, generally in the service provision by the 
network, performing client authentication using confidential information is performed. 
Here, confidential information points out the share key of share key methods, such as a 
private key in public key cryptosystems, such as a password and RSA (Rivest and Shamir 
and Adleman), and DES (Data Encryption Standard). When performing client 
authentication, generally to a different service provider, that from which confidential 
information differs is used. 

[0003] For example, as shown in drawing 13 , in case a certain client equipment (it 
abbreviates to a client hereafter) C accesses the service A offered by service provider 
equipment (it abbreviates to service provider hereafter) SP-A, and the service B offered 
by service provider SP-B, respectively, it is necessary to receive client authentication 
using respectively different confidential information SkU-A and respectively different 
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SkU-B. In drawing 13 , CertU-A and CertU-B are the certificates corresponding to 
confidential information SkU-A and SkU-B, respectively. This certificate is unnecessary 
depending on a method. For example, in a public key cryptosystem, confidential 
information SkU serves as a private key, and CertU serves as a public key certificate. In 
addition, a "service provider" here does not necessarily mean the service provider (for 
example, company) in the actual world. That is, even if the service provider in the actual 
world is the same, the case "where service providers differ" is possible. For example, 
inquiry-for-the -balances service of a certain bank and investment fund application service 
are considered to be the services offered by another service provider. 
[0004] If it agrees with sharing of client information between different service providers, 
it is possible to make confidential information the same. For example, if it says in the 
example shown in drawing 13 and service provider SP-A and SP-B will agree, it is 
possible to receive offer of Service B using confidential information SkU-A to service 
provider SP-A ( drawing 14 ). Especially, if it is two services of the same bank in the 
above-mentioned example, since service provider SP-A and SP-B are the same, 
agreement is comparatively easy in the actual world. However, it is difficult to agree 
among all the existing service providers, and it is not realistic. Many cases where 
agreement is difficult exist in Client C by the difference in the plan at the time of 
publishing confidential information, the difference in the reinforcement of confidential 
information, the difference in the demand security of service, etc. That is, since the plans 
of each service provider about client authentication differ, many cases where agreement 
is difficult exist. 

[0005] When the plan about client authentication is in agreement to some extent, it may 
be possible by constituting a certificate authority hierarchical to receive authentication by 
the same confidential information. For example, as shown in drawing 15 , an 
authentication tree consists of forms where certificate authority CA-A or CA-B publishes 
the certificate to confidential information, and certificate authority CA-R of a high order 
publishes a certificate further to the confidential information of the certificate authority 
CA-A and CA-B. And if the authentication tree to the confidential information of service 
provider SP-A and the authentication tree to the confidential information of service 
provider SP-B have an intersection in the high order, service provider SP-B may be able 
to offer service by confidential information SkU-A. In drawing 15 , a certificate authority 
for CA-A and CA-B to receive service of service provider SP-A and CA-R are the 
certificate authorities of the high order of certificate authority CA-A and CA-B. In 
addition, other certificate authorities may be placed between the middle of CA-A, CA-B, 
and CA-R, or the high order of CA-R. Service provider SP-B accepts the client 
authentication using confidential information SkU-A with the certificate which CA-A 
which high order certificate authority CA-R of CA-B which is the certificate authority of 
a self-client has attested published. 

[0006] In the case of drawing 15 , it is difficult to give an intersection to the 
authentication tree of all services, and even if there is an intersection, service provision is 
not necessarily possible by the difference in the plan of security etc. That is, even if it 
realizes who Client C is, service provision can be refused depending on the plan of a 
service provider. Therefore, generally "when receiving two or more services which need 
client authentication, a client needs to manage two or more confidential information 
corresponding to each service" can say. Here, suppose that the case where the same 
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confidential information can receive authentication is called "the same [ the 
authentication system of service ]." Suppose that the case where the same confidential 
information cannot receive authentication on the contrary is called saying "The 
authentication systems of service differ." 

[0007] The cost which generally mounts the function manager of confidential 
information and the function to receive client authentication using confidential 
information in Client C becomes still larger [ it is large, and ], when using two or more 
confidential information to two or more services. Since there is risk of other clients 
turning into a self-client and clearing up when the problem of it becoming impossible to 
receive service arises when confidential information is lost, and confidential information 
is revealed if it says about management of confidential information, the cost of mounting 
of a loss prevention function and a leakage control function becomes large. When two or 
more confidential information needs to be managed, the cost of the management [ itself ] 
becomes large, up, if some one confidential information is lost and revealed depending 
on a management gestalt, the recurrence line of other confidential information may have 
to be carried out, and recurrence line cost will turn large. 

[0008] When using a public key cryptosystem about the client authentication function 
using confidential information, for example, the storage function of a public key 
certificate [ / in addition to management of a private key ], the transmitting function to 
the service provider of a public key certificate, the generation function of confidential 
information (key pair in a public key cryptosystem etc.), the add function of the 
confidential information to a certificate authority, a public key certification dictation 
profit function, etc. are needed for Client C. When a simple terminal, for example, a set 
top box etc., is assumed to Client C, even if there is little confidential information to 
manage, the cost which mounts all these functions is large, but it will become still larger 
if confidential information increases. From such a thing, a demand of the client manager 
who wants to lessen the number of the confidential information managed by Client C as 
much as possible exists. 

[0009] When receiving a demand of such a client manager, i.e., two or more services 
from which an authentication system differs, there are the following three as a 
conventional technique which solves wanting to lessen confidential information which a 
client manager manages. 

Conventional technique 1: Mutual recognition of certificate authorities. 
Conventional technique 2: Commission of authentication processing with the gestalt 
which deposits authentication vicarious execution SABAHE confidential information. 
Conventional technique 3: Commission of authentication processing with the gestalt 
using own confidential information of an authentication vicarious execution server. 
[0010] As shown in drawing 16 , when it does not have an intersection in an 
authentication tree, or when [ though it has the conventional technique 1, ] its plan about 
each SP's authentication does not correspond on the level in which the service provision 
concerned is possible, it is a method which enables it to receive authentication by the 
same confidential information by checking the mutual recognition document of certificate 
authority CA-AO and CA-BO comrades. In drawing 16 , CA-Al, CA-A2, CA-Bl, and 
CA-B-2 are [ certificate authority CA-Al, the certificate authority of the high order of 
CA-A2 and CA-BO of a certificate authority and CA-AO ] the certificate authorities of the 
high order of certificate authority CA-Bl and CA-B-2. Service provider SP-B accepts the 
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client authentication using confidential information SkU-A, when a mutual recognition 
document exists between high order certificate authority CA-BO of the certificate 
authority (for example, CA-Bl) of a self-client, and other high order certificate authority 
CA-AO. This conventional technique 1 is one of the promising methods. However, since 
a big functional addition being required for a service provider or a certificate authority, 
and publishing a mutual recognition document needs agreement formation of each 
service provider after all, applicability is restricted. Therefore, in this invention, it does 
not consider as the object of consideration. 

[0011] The conventional technique 2 is a method which forms the authentication 
vicarious execution server S which manages the confidential information in other 
authentication systems, a certificate, CRL (lapse certificate list), etc. in one authentication 
system to which Client C belongs, and attests about the service which needs client 
authentication between the authentication vicarious execution server S, each service 
provider SP-A, and SP-B, as shown in drawing 17 . In drawing 17 , SkU-P is the 
confidential information for using for authentication between the authentication vicarious 
execution server S and Client C. About this confidential information SkU-P, a client 
manager may memorize and it may not manage by client C itself. Moreover, CertU-P is a 
certificate corresponding to confidential information SkU-P. This certificate is 
unnecessary depending on a method. For example, in a public key cryptosystem, 
confidential information SkU-P serves as a private key, and CertU-P serves as a public 
key certificate. 

[0012] The conventional technique 2 has the advantage that there is little modification in 
a certificate authority and service provider side compared with the conventional 
technique 1 . If it sees from a certificate authority and service provider side, he will not be 
conscious of the authentication vicarious execution server S, and it will be attested as a 
client C. For example, although it is necessary to hold confidential information, 
respectively in order user authentication is needed in SET (SecureElectronic Transaction) 
and SECE (Secure Electronic Commerce Environment) which are the method which 
realizes the credit settlement of accounts and bank account settlement of accounts on the 
Internet and to receive service from two or more credit firms and banks, the method 
which deposits this confidential information with the authentication vicarious execution 
server called Sir BAWO let is proposed, and the part is produced commercially. 
[0013] As shown in drawing 18 , in case the conventional technique 3 receives client 
authentication from service provider SP-A and SP-B, the confidential information of each 
client C is a method using the own confidential information SkP of authentication 
vicarious execution server S rather than it is used for it. In drawing 18 , CertP is a 
certificate corresponding to confidential information SkP. That is, from a service provider 
side, it seems that the authentication vicarious execution server S has received service. 
With this conventional technique 3, like the conventional technique 2, each client C does 
not need to manage the confidential information corresponding to each service, and 
should manage only own confidential information also in the authentication vicarious 
execution server S. 
[0014] 

[Problem(s) to be Solved by the Invention] However, there were the three following 
troubles in the above conventional technique 2 and the conventional technique 3. 
Trouble 1: All the information exchanged between Client C, service provider SP-A, and 
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SP-B is revealed to the authentication vicarious execution server S. Although the 
authentication vicarious execution server S is the subject who can trust it for Client C, 
there is a case where he wants to keep secret the information exchanged with service 
provider SP-A and SP-B depending on service. Temporarily, within the authentication 
vicarious execution server S, though between the authentication vicarious execution 
server S, service provider SP-A, and SP-B is enciphered, respectively, since information 
is decrypted, there is a possibility that information may be revealed between Client C and 
the authentication vicarious execution server S. In addition, this trouble 1 is common on 
both conventional technique 2 and conventional technique 3. 

[0015] Trouble 2: When the authentication vicarious execution server S becomes Client 
C and clears up, it cannot check in a service provider SP-A and SP-B side. In the 
conventional technique 2, since the authentication vicarious execution server S holds 
client confidential information, it becomes Client C and it can be cleared up. As for the 
authentication vicarious execution server S, it is desirable to prepare the means which can 
attest a direct client by the service provider SP-A and SP-B side, for example, if the case 
where the systems operation person of the authentication vicarious execution server S etc. 
should commit injustice, the case where it is denied that the client user received offer of 
service, etc. are assumed although it is generally the subject who can trust it also from 
service provider SP-A and SP-B also from a user. Of course, considering the advantage 
of the authentication vicarious execution server S existing, the authentication means in 
that case needs to be simple compared with the case where the authentication vicarious 
execution server S does not exist. 

[0016] Trouble 3: It is easy to produce the responsibility of offering service between 
Client C, service provider SP-A, and SP-B, and the responsibility of collecting service 
countervalues in the authentication vicarious execution server S. In the conventional 
technique 3, service provider SP-A and SP-B attest a client by own confidential 
information of authentication vicarious execution server S, and perform service 
provision, that is, service provider SP-A and SP-B offer service being conscious of the 
authentication vicarious execution server S, and it is easy to produce the responsibility of 
sending the service to Client C, and the responsibility of collecting a service countervalue 
from Client C in the authentication vicarious execution server S (a contract between 
persons concerned in whether it is actually generated, and law — based on a system). In 
that case, the more responsibility becomes large, the more the subject who can manage 
the authentication vicarious execution server S will be restricted. It aims at offering the 
authentication vicarious execution approach which can cancel said trouble 1, a trouble 2, 
and a trouble 3, an authentication vicarious execution service system, authentication 
vicarious execution server equipment, and client equipment, solving [ this invention was 
made in order to solve the above-mentioned technical problem, and ] the burden of the 
client about authentication by the authentication vicarious execution server. 
[0017] 

[Means for Solving the Problem] As for the authentication vicarious execution approach 
of this invention, the authentication vicarious execution server equipment formed 
between the service provider equipment which offers service, and the client equipment 
which receives service provision receives authentication from service provider equipment 
instead of client equipment. And the procedure in which the authentication vicarious 
execution approach of this invention delivers the public key for codes of the service 
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provider equipment corresponding to desired service from authentication vicarious 
execution server equipment to client equipment at the time of service provision, The 
procedure of enciphering using the public key for codes which received the information 
which should be transmitted to service provider equipment in client equipment from 
authentication vicarious execution server equipment, and transmitting this enciphered 
information to authentication vicarious execution server equipment. The procedure of 
transmitting the enciphered information which was received from client equipment to 
service provider equipment from authentication vicarious execution server equipment. It 
has the procedure which decrypts the enciphered information which was received from 
authentication vicarious execution server equipment in service provider equipment using 
the private key for codes. Moreover, the authentication vicarious execution approach of 
this invention receives the service provider equipment corresponding to desired service at 
the time of service provision. The procedure which delivers the public key for codes of 
client equipment from authentication vicarious execution server equipment. The 
procedure of enciphering using the public key for codes which received the information 
which should be transmitted to client equipment in service provider equipment from 
authentication vicarious execution server equipment, and transmitting this enciphered 
information to authentication vicarious execution server equipment. It has the procedure 
of transmitting the enciphered information which was received from service provider 
equipment to client equipment from authentication vicarious execution server equipment, 
and the procedure which decrypts the enciphered information which received from 
authentication vicarious execution server equipment in client equipment using the private 
key for codes. 

[0018] Moreover, the procedure in which the authentication vicarious execution approach 
of this invention delivers the public key for codes of the service provider equipment 
corresponding to desired service from authentication vicarious execution server 
equipment to client equipment at the time of service provision. The data which become in 
client equipment the session key for cryptocommunication between service provider 
equipment or the origin of this session key are generated. The procedure of enciphering 
using the public key for codes which received a session key or data from authentication 
vicarious execution server equipment, and transmitting this enciphered information to 
authentication vicarious execution server equipment. The procedure of transmitting the 
enciphered information which was received from client equipment to service provider 
equipment from authentication vicarious execution server equipment. Decrypt the 
enciphered information which was received from authentication vicarious execution 
server equipment in service provider equipment using the private key for codes, and 
acquire a session key, or data are acquired by the decryption using the private key for 
codes. The procedure which generates a session key, and the information which should 
be transmitted in client equipment or service provider equipment are enciphered using a 
session key from this data. The procedure of transmitting this enciphered information to 
authentication vicarious execution server equipment, and the procedure of transmitting 
the information enciphered using the session key from authentication vicarious execution 
server equipment to service provider equipment or client equipment. It has the procedure 
decrypted using the session key to which self has the information enciphered using the 
session key in service provider equipment or client equipment. 
[0019] Moreover, as an example of 1 configuration of the authentication vicarious- 
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execution approach of this invention, in case the public key for codes is delivered from 
authentication vicarious-execution server equipment to client equipment, it has the 
procedure verify the public key for codes the procedure which delivers the public key 
certificate for codes with the public key for codes, and based on the public key certificate 
for codes received from authentication vicarious-execution server equipment before 
performing encryption using the public key for codes in client equipment. Moreover, in 
case it enciphers in client equipment as an example of 1 configuration of the 
authentication vicarious execution approach of this invention The procedure of 
enciphering the authentication information on this client equipment using the public key 
for codes, and transmitting this enciphered information to authentication vicarious 
execution server equipment. In case it decrypts in service provider equipment, the 
enciphered information which was received from authentication vicarious execution 
server equipment is decrypted using the private key for codes, authentication information 
is acquired, and it has the procedure which attests client equipment based on this 
authentication information. 

[0020] As an authentication vicarious execution service system of this invention, 
moreover, authentication vicarious execution server equipment (S) The public key for 
codes of the service provider equipment corresponding to desired service is delivered to 
client equipment at the time of service provision. It has a means to transmit the 
enciphered information which was received from client equipment to service provider 
equipment. Client equipment (C) It enciphers using the public key for codes which 
received the information which should be transmitted to service provider equipment from 
authentication vicarious execution server equipment. Having a means to transmit this 
enciphered information to authentication vicarious execution server equipment, service 
provider equipment (SP-A, SP-B) has a means to decrypt the enciphered information 
which was received from authentication vicarious execution server equipment using the 
private key for codes. As an authentication vicarious execution service system of this 
invention, moreover, authentication vicarious execution server equipment (S) As opposed 
to the service provider equipment corresponding to desired service the time of service 
provision Deliver the public key for codes of client equipment, and it has a means to 
transmit the enciphered information which was received from service provider equipment 
to client equipment. Service provider equipment (SP-A, SP-B) It enciphers using the 
public key for codes which received the information which should be transmitted to client 
equipment from authentication vicarious execution server equipment. Having a means to 
transmit this enciphered information to authentication vicarious execution server 
equipment, client equipment (C) has a means to decrypt the enciphered information 
which was received from authentication vicarious execution server equipment using the 
private key for codes. 

[0021] As an authentication vicarious execution service system of this invention, 
moreover, authentication vicarious execution server equipment (S) The public key for 
codes of the service provider equipment corresponding to desired service is delivered to 
client equipment at the time of service provision. The enciphered information which was 
received from client equipment is transmitted to service provider equipment. It has a 
means to transmit the enciphered information which was received from service provider 
equipment to client equipment. Client equipment (C) The data which become the session 
key for cryptocommunication between service provider equipment or the origin of this 
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session key are generated. It enciphers using the public key for codes which received a 
session key or data from authentication vicarious execution server equipment. After 
transmitting this enciphered information to authentication vicarious execution server 
equipment, the information which should be transmitted to service provider equipment is 
enciphered using a session key. It has a means to transmit this enciphered information to 
authentication vicarious execution server equipment. Service provider equipment (SP-A, 
SP-B) Decrypt the enciphered information which was received from authentication 
vicarious execution server equipment using the private key for codes, and acquire a 
session key, or data are acquired by the decryption using the private key for codes. After 
generating a session key from this data, the information which should be transmitted to 
client equipment is enciphered using a session key, and it has a means to transmit this 
enciphered information to authentication vicarious execution server equipment. 
[0022] Moreover, authentication vicarious-execution server equipment has a means 
deliver the public key certificate for codes with the public key for codes in case the public 
key for codes is delivered to client equipment, as an example of 1 configuration of the 
authentication vicarious-execution service system of this invention, and client equipment 
has a means verify the public key for codes based on the public key certificate for codes 
received from authentication vicarious-execution server equipment, before performing 
encryption which used the public key for codes. As an example of 1 configuration of the 
authentication vicarious execution service system of this invention, moreover, client 
equipment In case it enciphers, the public key for codes is used, the authentication 
information on self-equipment is enciphered, and it has a means to transmit this 
enciphered information to authentication vicarious execution server equipment. Service 
provider equipment In case it decrypts, the enciphered information which was received 
from authentication vicarious execution server equipment is decrypted using the private 
key for codes, authentication information is acquired, and it has the means which attests 
client equipment based on this authentication information. 

[0023] Moreover, at the time of service provision, the authentication vicarious execution 
server equipment (S) of this invention delivers the public key for codes of the service 
provider equipment corresponding to desired service to client equipment, and has a 
means to transmit the information enciphered in order to have made the decryption using 
the reception from client equipment, and the private key for codes of the information 
enciphered using this public key for codes perform to service provider equipment. 
Moreover, at the time of service provision, to the service provider equipment 
corresponding to desired service, the authentication vicarious execution server equipment 
(S) of this invention delivers the public key for codes of client equipment, and has a 
means transmit the information enciphered in order to have made the decryption using 
the reception from service provider equipment, and the private key for codes of the 
information enciphered using this public key for codes perform to client equipment. 
[0024] Moreover, the authentication vicarious execution server equipment (S) of this 
invention The public key for codes of the service provider equipment corresponding to 
desired service is delivered to client equipment at the time of service provision. The data 
which become the session key for cryptocommunication enciphered using this public key 
for codes, or the origin of this session key From client equipment to reception After 
transmitting the session key or data enciphered in order to have made the decryption 
using the private key for codes perform to service provider equipment. While 
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transmitting the infomiation from the client equipment enciphered using the session key 
to service provider equipment, it has a means to transmit the information from the service 
provider equipment enciphered using the session key to client equipment. Moreover, the 
example of 1 configuration of the authentication vicarious execution server equipment of 
this invention has a means to deliver the public key certificate for codes to client 
equipment with the public key for codes so that it may make the public key for codes 
verify to client equipment. 

[0025] Moreover, while the client equipment (C) of this invention consists of an IC card 
equipped with a signature generation means to generate the signature for receiving client 
authentication from authentication vicarious execution server equipment An encryption 
means to encipher the information which should be transmitted to service provider 
equipment using the public key for codes. The signature generated with the IC card is 
transmitted to authentication vicarious execution server equipment. The public key for 
codes transmitted from authentication vicarious execution server equipment is received, 
and it outputs to an encryption means, and consists of a processor equipped with a 
transceiver means to transmit the information enciphered by the encryption means to 
authentication vicarious execution server equipment. Moreover, a signature generation 
means to generate a signature for the client equipment (C) of this invention to receive 
client authentication from authentication vicarious execution server equipment. While 
consisting of an IC card equipped with an encryption means to encipher the information 
which should be transmitted to service provider equipment using the public key for codes 
The signature generated with the IC card is transmitted to authentication vicarious 
execution server equipment. The public key for codes transmitted from authentication 
vicarious execution server equipment is received, and it outputs to an IC card, and 
consists of a processor equipped with a transceiver means to transmit the information 
enciphered with the IC card to authentication vicarious execution server equipment. 
[0026] 

[Embodiment of the Invention] [1 of the gestalt of operation], next the gestalt of 
operation of this invention are explained to a detail with reference to a drawing. Drawing 
i is the block diagram showing the configuration of the authentication vicarious 
execution service system used as the gestalt of operation of the 1st of this invention. The 
authentication vicarious execution service system of the gestalt of this operation In the 
above-mentioned conventional technique 2 or the above-mentioned conventional 
technique 3 Authentication vicarious execution server equipment S Two or more service 
provider equipments (It abbreviates to an authentication vicarious execution server 
hereafter) SP-A, public key PkSP-A of SP-B, and PkSP-B Client equipment (It 
abbreviates to a service provider hereafter) Deliver to C at the time of service provision, 
make the authentication vicarious execution server S encipher information to keep it 
secret by Client C side using this public key PkSP-A and PkSP-B, and it is made to return 
to the authentication vicarious execution server S. (It abbreviates to a client hereafter) 
Because the authentication vicarious execution server S transmits to service provider SP- 
A and SP-B and makes this information decrypt by private key SkSP-A and SkSP-B by 
service provider SP-A and SP-B Information transfer from Client C to service provider 
SP-A and SP-B is realized without revealing to the authentication vicarious execution 
server S. 

[0027] Service provider SP-A, SP-B, and Client C are connected through a network, and 
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authentication vicarious execution server equipment S is formed in the middle of this 
network, drawing 1 — setting - PkSP-A and PkSP-B — respectively - service provider 
SP-A, the public key for codes of SP-B, SkSP-A, and SkSP-B - they are service provider 
SP-A and the private key for codes of SP-B, respectively. Moreover, confidential 
information for SkU-A and SkU-B to receive service from service provider SP-A and SP- 
B, respectively and SkP are own confidential information of authentication vicarious 
execution server S. In the case of the method corresponding to the conventional technique 
2 in the system of the gestalt of this operation, authentication of Client C is performed 
using confidential information SkU-A and SkU-B, and, in the case of the method 
corresponding to the conventional technique 3, authentication of Client C is performed 
using confidential information SkP. 

[0028] Next, actuation of such an authentication vicarious execution service system is 
explained. While delivering public key PkSP-A for codes of suitable service provider SP- 
A to Client C according to the service whose client C requires the authentication 
vicarious execution server S at the time of service provision, a return demand of the 
information relevant to an encryption demand of the information using this public key 
PkSP-A and secrecy information which was signal-transduction-required and was 
enciphered in addition to this, and the changed information is given to Client C. 
[0029] Here, in addition to this, a signal transduction demand is a demand of processing 
which changes secrecy information into the gestalt relevant to secrecy information which 
cannot be decrypted by service provider SP-A and SP-B, either, by service, only when 
required, it is advanced here, and it points out an one direction hash operation. 
[0030] According to the demand of the authentication vicarious execution server S, 
Client C enciphers the information which should be transmitted to service provider SP-A 
using public key PkSP-A, and transmits the enciphered information to the authentication 
vicarious execution server S. Moreover, Client C transmits to the authentication vicarious 
execution server S with the information which enciphered the information which changed 
the hash operation etc., when [ in relation to secrecy information ] a signal transduction 
demand is made in addition to this. 

[0031] The authentication vicarious execution server S performs a decryption demand to 
service provider SP-A while it transmits the information transmitted from Client C to 
reception and transmits this information to service provider SP-A. Service provider SP-A 
is decrypted using private key SkSP-A in which reception has the information transmitted 
from the authentication vicarious execution server S, and self has this information. 
[0032] In this way, it can prevent that the information from Client C to service provider 
SP-A is revealed to the authentication vicarious execution server S, and partial solution of 
said trouble 1 is attained. In addition, although the above explanation of operation 
explains the case where service provision is performed by service provider SP-A, when 
service provision is performed by service provider SP-B, PkSP-B is used instead of 
public key PkSP-A, the information from Client C is transmitted to service provider SP- 
B, and service provider SP-B decrypts information using private key SkSP-B. 
[0033] Moreover, it can omit because Client C performs autonomously a return demand 
of the information relevant to said encryption demand and secrecy information which was 
signal-transduction-required and was enciphered in addition to this, and the changed 
information, and similarly, it can omit because service provider SP-A and SP-B perform 
said decryption demand autonomously. 
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[0034] Moreover, in order to receive service provision from service provider SP-A and 
SP-B, the processings (generation of the signature by confidential information SkU-A, 
SkU-B, or SkP, service provider SP-A of this signature, transmission to SP-B, etc.) from 
which the authentication vicarious execution server S receives client authentication from 
service provider SP-A and SP-B instead of Client C as the above-mentioned conventional 
technique 2 or the above-mentioned conventional technique 3 explained are required. 
This processing may be performed to any at the time of delivering the information 
received from Client C to service provider SP-A and SP-B, or the time after said a series 
of sequences at the time before a series of sequences which result in a decryption of the 
information by service provider SP-A and SP-B from delivery of public key PkSP-A by 
the authentication vicarious execution server S, and PkSP-B. 
[0035] [2 of gestalt of operation] drawing 2 is the block diagram showing the 
configuration of the authentication vicarious execution service system used as the gestalt 
of operation of the 2nd of this invention. The authentication vicarious execution service 
system of the gestalt of this operation It sets on the above-mentioned conventional 
technique 2 or the above-mentioned conventional technique 3, and the authentication 
vicarious execution server S is public key PkU' of Client C. - A and PkU'-B are delivered 
to service provider SP-A and SP-B. It is information to keep it secret from the 
authentication vicarious execution server S This public key PkU' - Make it encipher by 
the service provider SP-A and SP-B side using A and PkU'-B, and it is made to return to 
the authentication vicarious execution server S. The authentication vicarious execution 
server S transmits this information to Client C, and it is private key SkU' at Client C. - by 
making it decrypt by A and SkU'-B Information transfer to Client C is realized from 
service provider SP-A and SP-B, without revealing to the authentication vicarious 
execution server S. 

[0036] drawing 2 — setting — CertU'-A, and the public key certificate for codes of the 
client [ as opposed to service provider SP-A and SP-B in respectively -B ] C and 
CertUPkU'- A and PkU — 'the public key for codes of the client [ as opposed to service 
provider SP-A and SP-B in respectively -B ] C, and SkU' -A and SkU' -B is the private 
key for codes of the client C to service provider SP-A and SP-B, respectively. In the case 
of the method corresponding to the conventional technique 2 in the system of the gestalt 
of this operation, authentication of Client C is performed using confidential information 
SkU- A and SkU-B, and, in the case of the method corresponding to the conventional 
technique 3, authentication of Client C is performed using confidential information SkP. 
[0037] Next, actuation of such an authentication vicarious execution service system is 
explained, suitable service provider SP-A according to the service whose client C 
requires the authentication vicarious execution server S at the time of service provision — 
receiving — public key PkU'-A for codes of Client C - public key certificate CertUfor 
codes' - while delivering in the form added to -A - this public key PkU' - an encryption 
demand of the information using -A is performed. 

[0038] By the demand of this authentication vicarious execution server S, service 
provider SP-A enciphers the information which should be transmitted to Client C using 
public key certificate CertU 'public key PkU contained in -A' for codes- A, and transmits 
the enciphered information to the authentication vicarious execution server S. The 
authentication vicarious execution server S performs a decryption demand to Client C 
while it transmits the information transmitted from service provider SP-A to reception 



16 



Machine Translation of Japanese Publication No. 2001-134534 



and transmits this infomiation to Client C. 

[0039] Client C is decrypted using private key SkU'-A in which reception has the 
information transmitted from the authentication vicarious execution server S, and self has 
this information. In this way, it can prevent that the information on Client C is revealed to 
the authentication vicarious execution server S from service provider SP-A, and partial 
solution of said trouble 1 is attained. In addition, although the above explanation of 
operation explains the case where service provision is performed by service provider SP- 
A, when service provision is performed by service provider SP-B, it is CertU', 
respectively instead of certificate CertU'-A and public key PkU'-A. - B and PkU'-B are 
used, the information from service provider SP-B is transmitted to Client C, and Client C 
decrypts information using private key SkU'-B. 

[0040] Moreover, it can omit because service provider SP-A and SP-B perform said 
encryption demand autonomously, and similarly, it can omit because Client C performs 
said decryption demand autonomously. With the gestalt of this operation, must manage 
private key SkU'-A and SkU'-B by Client C, and a private key is needed for every 
service, however it is private key SkU'. - Management of public key certificate CertU'-A, 
CertU'-B corresponding to A and SkU'-B can entrust the authentication vicarious 
execution server S. therefore, the authentication vicarious execution server S - it is - I— 
it is not concerned nothing but the application to the service which needs the private key 
for codes primarily is effective. 

[0041] moreover The processings (generation of the signature by confidential information 
SkU- A, SkU-B, or SkP, service provider SP-A of this signature, transmission to SP-B, 
etc.) from which the authentication vicarious execution server S receives client 
authentication from service provider SP-A and SP-B instead of Client C Public key PkU' 
by the authentication vicarious execution server S - You may carry out to any at the time 
before a series of sequences from delivery of A and PkU'-B to a decryption of the 
information by Client C, and after said a series of sequences. 
[0042] [3 of gestalt of operation] drawing 3 is the block diagram showing the 
configuration of the authentication vicarious execution service system used as the gestalt 
of operation of the 3rd of this invention. The authentication vicarious execution service 
system of the gestalt of this operation In 1 of the gestalt of operation at the time of the 
delivery to the client C of public key PkSP-A for codes, and PkSP-B Generation of the 
data which become the origin of generation of a session key or a session key is required 
from Client C. The information which was made to return after making these encipher 
using public key PkSP-A for codes, and PkSP-B furthermore, and was enciphered by 
transmitting to service provider SP-A and SP-B Bidirectional information transfer 
between Client C, service provider SP-A, and SP-B is realized without revealing to the 
authentication vicarious execution server S. 

[0043] In drawing 3 , SSkA and SSkB(s) are data, such as a random number with which 
the session key for cryptocommunication between Client C and service provider SP-B, 
SdSSKA, and SdSSkB become the origin of generation of the session keys SSkA and 
SSkB for cryptocommunication between Client C and service provider SP-A, 
respectively. In the case of the method corresponding to the conventional technique 2 in 
the system of the gestalt of this operation, authentication of Client C is performed using 
confidential information SkU- A and SkU-B, and, in the case of the method corresponding 
to the conventional technique 3, authentication of Client C is performed using 
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confidential information SkP. 

[0044] Next, actuation of such an authentication vicarious execution service system is 
explained. While delivering public key PkSP-A for codes of suitable service provider SP- 
A to Client C according to the service whose client C requires the authentication 
vicarious execution server S at the time of service provision, a return demand of the 
information which the session key SSkA or Data SdSSKA using the generation demand 
of the data SdSSKA which become the origin of the generation demand of the session 
key SSkA for cryptocommunication or the session key SSkA, and public key PkSP-A 
was encryption-required, and was enciphered is given to Client C. 
[0045] By the demand of this authentication vicarious execution server S, Client C 
generates the session key SSkA for cryptocommunication. Moreover, Client C generates 
the data SdSSKA which become the origin of the session key SSkA depending on the 
case. And Client C enciphers the session key SSkA or Data SdSSKA using public key 
PkSP-A, and transmits the enciphered information to the authentication vicarious 
execution server S. 

[0046] If it is required, the authentication vicarious execution server S will require 
generation of the session key SSkA for cryptocommunication from service provider SP-A 
from Data SdSSKA, while it transmits the information transmitted from Client C to 
reception and transmits this information to service provider SP-A. 
[0047] Service provider SP-A is decrypted using private key SkSP-A in which reception 
has the information transmitted from the authentication vicarious execution server S, and 
self has this information, and acquires the session key SSkA. Moreover, when generation 
of the session key SSkA is required from the authentication vicarious execution server S, 
service provider SP-A decrypts the information transmitted from the authentication 
vicarious execution server S using private key SkSP-A, acquires Data SdSSKA, and 
generates the session key SSkA from this data SdSSKA. 
[0048] Henceforth, the exchange of information safe about the bidirectional 
communication link between Client C and service provider SP-A is attained. That is, 
when transmitting information to service provider SP-A from Client C, service provider 
SP-A which Client C transmitted the information which should be transmitted after 
enciphering using the session key SSkA, and received the enciphered information 
through the authentication vicarious execution server S decrypts information using the 
session key SSkA which self has. 

[0049] On the other hand, when transmitting information to Client C from service 
provider SP-A, service provider SP-A transmits the information which should be 
transmitted, after enciphering using the session key SSkA, and the client C which 
received the enciphered information through the authentication vicarious execution server 
S decrypts information using the session key SSkA which self has. 
[0050] In this way, it becomes possible to prevent not only the information from Client C 
to service provider SP-A but that information is revealed to the authentication vicarious 
execution server S in the information delivery to Client C from service provider SP-A. In 
addition, although the above explanation of operation explains the case where service 
provision is performed by service provider SP-A, when service provision is performed by 
service provider SP-B, PkSP-B, the session key SSkB, and Information SdSSKB are used 
instead of public key PkSP-A, the session key SSkA, and Data SdSSKA, respectively, the 
information from Client C is transmitted to service provider SP-B, and service provider 
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SP-B generates the session key SSkB from Data SdSSKB. 

[0051] Moreover, it can omit because Client C performs autonomously a return demand 
of said information which was generation-required, was encryption-required and was 
enciphered, and similarly, it can omit because service provider SP-A and SP-B perform 
said generation demand autonomously. 

[0052] moreover The processings (generation of the signature by confidential information 
SkU-A, SkU-B, or SkP, service provider SP-A of this signature, transmission to SP-B, 
etc.) from which the authentication vicarious execution server S receives client 
authentication from service provider SP-A and SP-B instead of Client C The time before 
a series of sequences from delivery of public key PkSP-A by the authentication vicarious 
execution server S, and PkSP-B to generation of the session key SSkA by service 
provider SP-A and SP-B, The enciphered session keys SSkA and SSkB or Data SdSSKA 
and SdSSkB may be performed to any at the time of delivering to service provider SP-A 
and SP-B, or the time after said a series of sequences. 

[0053] [4 of gestalt of operation] drawing 4 is the block diagram showing the 
configuration of the authentication vicarious execution service system used as the gestalt 
of operation of the 4th of this invention. In 3 of the gestalt of 1 or operation of the gestalt 
of operation, the problem who verifies service provider SP-A, public key PkSP-A for 
codes of SP-B, and PkSP-B how exists. For example, when verification (for example, 
verification of a certificate authority signature of a public key certificate, the check of 
CRL, etc.) of public key PkSP-A and PkSP-B is entrusted to the authentication vicarious 
execution server S, the following problems arise. 

[0054] Namely, a fake public key is delivered from the authentication vicarious execution 
server S to Client C. After decrypting the information from Client C to service provider 
SP-A and SP-B using the private key corresponding to a fake public key which the 
authentication vicarious execution server S recognizes If actuation of enciphering this 
decrypted information using right public key PkSP-A and PkSP-B anew, and transmitting 
to service provider SP-A and SP-B is performed, it will become possible to acquire 
information unjustly in the authentication vicarious execution server S. 
[0055] Then, the authentication vicarious execution service system of the gestalt of this 
operation requires verification of service provider SP-A, public key PkSP-A for codes of 
SP-B, and PkSP-B from Client C from the authentication vicarious execution server S. 
That is, the authentication vicarious execution server S delivers public key certificate 
CertSP-A for codes, and CertSP-B to Client C with public key PkSP-A for codes, and 
PkSP-B. 

[0056] Client C holds the certificate of for example, a high order certificate authority to 
every service provider SP-A and SP-B, and verifies public key certificate CertSP-A and 
CertSP-B which have been delivered from the authentication vicarious execution server S 
using the certificate of a high order certificate authority. Moreover, Client C performs the 
check of whether public key certificate CertSP-A and CertSP-B are invalidated based on 
a certificate cancellation list (it abbreviates to CRL Certificate Revocation List and the 
following). 

[0057] In this way, verification of public key PkSP-A for codes and PkSP-B can be 
performed. In addition, the authentication vicarious execution server S can fully be 
trusted for Client C, and it is not necessary to take into consideration delivering a fake 
public key to Client C in many cases. That is, although it generally cannot be trusted 
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about the information leak concerning the bidirectional communication link between 
Client C, service provider SP-A, and SP-B, it says in many cases that it is not necessary 
to take into consideration about fake public key delivery, and 1 of the gestalt of operation 
or 3 is enough. 

[0058] The reason is easy [ activation ] rather than the direction robbed of the 
information which becomes a plaintext within Server S performs a series of malfeasances 
by fake public key delivery for the external invader who accesses unjustly the 
employment operator of the authentication vicarious execution server S, and the 
authentication vicarious execution server S. Moreover, said verification demand is 
omissible because Client C verifies a public key autonomously. 
[0059] [5 of gestalt of operation] drawing 5 is the block diagram showing the 
configuration of the authentication vicarious execution service system used as the gestalt 
of operation of the 5th of this invention. The authentication vicarious execution service 
system of the gestalt of this operation In 1 of the gestalt of operation, or the system of 3, 
delivery of the information on service provider SP-A from Client C enciphered using 
public key PkSP-A and PkSP-B and SP-B is used. The authentication information on a 
form whose decryption is impossible for Client C in the authentication vicarious 
execution server S is required, this authentication information is transmitted to service 
provider SP-A and SP-B from the authentication vicarious execution server S, and client 
authentication is performed by service provider SP-A and SP-B. 
[0060] In drawing 5 , A and B are the authentication information on the client C 
corresponding to service provider SP-A and SP-B, respectively. In case the authentication 
vicarious execution server S delivers public key PkSP-A for codes, and PkSP-B to Client 
C, it gives an encryption demand of the authentication information A and B using this 
public key PkSP-A and PkSP-B to Client C. 

[0061] In case Client C enciphers the information which should be transmitted to service 
provider SP-A using public key PkSP-A, it uses public key PkSP-A, enciphers the 
authentication information (password) A, and transmits to the authentication vicarious 
execution server S with other information that it explained by 1 of the gestalt of operation 
of this enciphered authentication information A, or 3. Similarly, in case Client C 
enciphers the information which should be transmitted to service provider SP-B using 
public key PkSP-B, it uses public key PkSP-B, enciphers the authentication information 
(password) B, and transmits to the authentication vicarious execution server S with other 
information that it explained by 1 of the gestalt of operation of this enciphered 
authentication information B, or 3. 

[0062] Reception is used for service provider SP-A and SP-B for the information which 
was transmitted from Client C and transmitted by the authentication vicarious execution 
server S, and private key SkSP-A for codes and SkSP-B are used for them for this 
information, they decrypt, and acquire the authentication information A and B. And 
service provider SP-A and SP-B attest Client C based on the authentication information 
A and B. 

[0063] In this way, the authentication vicarious execution server S can prevent becoming 
Client C and clearing up, and can solve said trouble 2. Moreover, even if the 
authentication vicarious execution server S receives client authentication by the own 
confidential information SkP, it becomes direct authentication of Client C is possible, and 
possible to have the means which prevents the authentication vicarious execution server's 
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S becoming Client C, and clearing up, and to make the responsibility for the 
authentication vicarious execution server S mitigate of service provider SP-A and SP-B 
(solution of said trouble 3). 

[0064] Since one of the advantages using the authentication vicarious execution server S 
is decreasing the number of the confidential information managed by Client C, the 
authentication information A and B on the gestalt of this operation becomes common [ 
considering as a simple thing compared with what is managed by the authentication 
vicarious execution server S ] . For example, the authentication vicarious execution server 
S performs client authentication processing in which confidential information SkU-A, 
SkU-B, or SkP was used, and client authentication is received by sending Client C to 
service provider SP-A and SP-B in the form kept secret from the authentication vicarious 
execution server S by making a password simpler than said confidential information into 
authentication information. 

[0065] In addition, since the Replay attack by the authentication vicarious execution 
server S is attained when transmitting the same password each time, it is also effective to 
transmit combining a serial value, time information, or the session key explained by 3 of 
the gestalt of operation and authentication information. 
[0066] [6 of gestalt of operation] drawing 6 is the block diagram showing the 
configuration of the authentication vicarious execution server S used as the gestalt of 
operation of the 6th of this invention. The authentication vicarious execution server S 
shown in drawing 6 realizes the authentication vicarious execution service system of 1-5 
of the gestalt of operation. The authentication vicarious execution server S has the 
authentication function of Client C, and a public key delivery function for codes at least, 
and, in other than three of the gestalt of operation, has a public key certificate verification 
function for codes. 

[0067] In addition, when the method of the conventional technique 2 performs processing 
from which the authentication vicarious execution server S receives client authentication 
from service provider SP-A and SP-B instead of Client C, the SkP storage machine 10 
and the CertP storage machine 11 are unnecessary, and when the method of the 
conventional technique 3 performs, the SkU-A storage machine 8 and the CertU-A 
storage machine 9 are unnecessary. 

[0068] Memorizing confidential information SkU-P for using the SkU-P storage machine 
1 for authentication between the authentication vicarious execution server S and Client C, 
the CertU-P storage machine 2 has memorized certificate CertU-P corresponding to 
confidential information SkU-P. Confidential information SkU-P and certificate CertU-P 
are memorized for every client C. 

[0069] The SkU-P verification machine 3 attests Client C with reference to the SkU-P 
storage machine 1 and the CertU-P storage machine 2 based on confidential information 
SkU-P which was transmitted from Client C and received by the transmitter-receiver 14, 
certificate CertU-P, or confidential information SkU-P and certificate CertU-P. 
Generally, the SkU-P verification machine 3 is referring to the identification number of 
each client C, and the conversion table of each confidential information SkU-P, and 
attests Client C. 

[0070] The SP-A public key storage machine 4 memorized public key PkSP-A for codes, 
and PkSP-B (PkU' - A, PkU' - B), the SP-A public key certificate CRL storage machine 5 
memorized public key certificate CertSP-A corresponding to this public key for codes. 
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and CRL of CertSP-B (CertU' - A, CertU' - B), and the SP-A high order certificate 
authority public key certificate storage machine 6 has memorized the public key 
certificate of a high order certificate authority. The public key for codes, CRL, and the 
public key certificate of a high order certificate authority are memorized by each service 
provider SP-A and every SP-B. 

[0071] SP public key certificate verification machine 7 verifies the public key for codes 
with reference to the SP-A public key storage machine 4, the SP-A public key certificate 
CRL storage machine 5, and the SP-A high order certificate authority public key 
certificate storage machine 6. In addition, although not illustrated in drawing 6 , a means 
to acquire CRL, and a means to acquire a high order certificate authority public key 
certificate are needed separately in fact. 

[0072] The SkU-A storage machine 8 memorized confidential information SkU-A and 
SkU-B, and the CertU- A storage machine 9 has memorized confidential information 
SkU-A, certificate CertU- A corresponding to SkU-B, and CertU-B. Confidential 
information SkU-A, SkU-B, and certificate CertU- A and CertU-B are memorized for 
every service provider SP-A, SP-B, and every client C. 

[0073] The SkP storage machine 10 memorized the own confidential information SkP of 
server S, and the CertP storage machine 11 has memorized the certificate CertP 
corresponding to confidential information SkP. The signature generation machine 12 
generates the signature which enciphered predetermined correspondence using 
confidential information SkU-A, SkU-B, or SkP, and transmits this signature to service 
provider SP-A and SP-B through a transmitter-receiver 14. Depending on the case, the 
signature generation machine 12 transmits certificate CertU- A, CertU-B, or CertP to 
service provider SP-A and SP-B with said signature. 

[0074] The vicarious execution processing section 13 performs vicarious execution 
processings other than the processing explained by 1-5 of the gestalt of operation if 
needed. It connects with Client C and service provider SP-A, and SP-B through a 
network, and a transmitter-receiver 14 transmits and receives information between Client 
C and service provider SP-A, and SP-B. 

[0075] In addition, although what is depended on the authentication method which used 
public key encryption as client authentication is assumed with the gestalt of this 
operation, depending on an authentication method, the signature generation machine 12, 
the SkU-P verification machine 3, and the storage machines 5, 6, 9, and 11 of certificate 
Cert(s) become unnecessary. For example, in password authentication, a certificate does 
not have the need and its signature generation machine 12 is also unnecessary. 
[0076] The above authentication vicarious execution servers S can be installed as the 
gateway of broader-based network WAKUHE, such as the Internet, from the inside LAN 
of the server on [, such as the Internet top, ] a network, and a company, and domestic [ 
LAN ], for example, are realized as the software, the hardware, and the peripheral device 
on a workstation, a personal computer, a router, a terminal adopter, etc. 
[0077] [7 of gestalt of operation] drawing 7 is the block diagram showing the 
configuration of Client C used as the gestalt of operation of the 7th of this invention. The 
client C shown in drawing 7 realizes the authentication vicarious execution service 
system of 1-5 of the gestalt of operation. Client C has a public key reception function for 
codes, and an encryption function by the public key for codes at least, and, in the case of 
2 of the gestalt of operation, in the case of 3 of the gestalt of the decryption function by 
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the private key for client codes, and implementation, has a public key certificate 
verification function for codes in the case of 4 of the gestalt of session key generation / 
transmitting function and encryption/decryption function by the session key, and 
implementation. 

[0078] That is, in other than two of the gestalt of operation, the SkU'-A storage machine 
26 and the decoder 27 are unnecessary, in other than three of the gestalt of operation, they 
are unnecessary, and, in other than four of the gestalt of operation, the SP public key 
certificate CRL storage machine 32, SP high order certificate authority public key 
certificate storage machine 33, and SP public key certificate verification machine 34 are 
unnecessary [ the decoder ] to them. [ of the SSk generation machine 28, the SSk 
temporary storage machine 29, the SdSSK generation machine 30, and 
encryption/decryption machine 31 ] 

[0079] Memorizing confidential information SkU-P for using the SkU-P storage machine 
21 for authentication between the authentication vicarious execution server S and the 
self-client C, the CertU-P storage machine 22 has memorized certificate CertU-P 
corresponding to confidential information SkU-P. The signature generation machine 23 
generates the signature which enciphered predetermined correspondence using 
confidential information SkU-P, and transmits this signature to the authentication 
vicarious execution server S through a transmitter-receiver 36. Depending on the case, 
the signature generation machine 23 transmits certificate CertU-P to the authentication 
vicarious execution server S with said signature. 

[0080] SP public key temporary storage machine 24 has memorized public key PkSP-A 
for codes and PkSP-B which were transmitted from the authentication vicarious 
execution server S, and were received by the transmitter-receiver 36. The encryption 
machine 25 enciphers information using this public key PkSP-A for codes, and PkSP-B, 
and transmits the enciphered information to the authentication vicarious execution server 
S through a transmitter-receiver 36. 

[0081] The SkU'-A storage machine 26 is private key SkUfor codes'. - A and SkU'-B are 
memorized. This private key for codes is memorized for every service provider SP-A and 
SP-B. A decoder 27 is the information which was transmitted from the authentication 
vicarious execution server S, and was received by the transmitter-receiver 36 Private key 
SkUfor codes' - It decrypts using A and SkU'-B. 

[0082] The SSk generation machine 28 generates the session keys SSkA and SSkB for 
cryptocommunication, and the SSk temporary storage machine 29 memorizes these 
session keys SSkA and SSkB for cryptocommunication. The SdSSK generation machine 
30 generates the data SdSSKA and SdSSkB which become the origin of the session keys 
SSkA and SSkB. 

[0083] Encryption/decryption machine 31 enciphers the information which should be 
transmitted using the session keys SSkA and SSkB, and transmits the enciphered 
information to the authentication vicarious execution server S through a transmitter- 
receiver 36. Moreover, encryption/decryption machine 31 decrypts the enciphered 
information which was transmitted from the authentication vicarious execution server S, 
and was received by the transmitter-receiver 36 using the session keys SSkA and SSkB. 
[0084] The SP public key certificate CRL storage machine 32 memorized public key 
PkSP-A for codes, public key certificate CertSP-A corresponding to PkSP-B, and CRL of 
CertSP-B, and SP high order certificate authority public key certificate storage machine 
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33 has memorized the public key certificate of a high order certificate authority. CRL and 
the public key certificate of a high order certificate authority are memorized for every 
service provider SP-A and SP-B. 

[0085] SP public key certificate verification machine 34 performs verification of public 
key PkSP-A for codes and PkSP-B which were transmitted from the authentication 
vicarious execution server S, and were received by the transmitter-receiver 36 with 
reference to the SP public key certificate CRL storage machine 32 and SP high order 
certificate authority public key certificate storage machine 33. In addition, although not 
illustrated in drawing 7 , a means to acquire CRL, and a means to acquire a high order 
certificate authority public key certificate are needed separately in fact. 
[0086] I/O device 35 outputs information to a user while outputting these directions to 
each configuration in Client C, if the directions from the user of Client C are inputted. It 
connects with the authentication vicarious execution server S through a network, and a 
transmitter-receiver 36 transmits and receives information between the authentication 
vicarious execution servers S. 

[0087] In addition, also in the gestalt of this operation, although the client authentication 
function to the authentication vicarious execution server S assumes the public key 
cryptosystem, the circuit which becomes unnecessary depending on an authentication 
method exists. The above client equipments C are realized as software on a personal 
computer. Moreover, it is also possible to realize a part or all functions on safe devices, 
such as a smart card (IC card). 

[0088] For example, the function of the SkU-P storage machine 21, the CertU-P storage 
machine 22, and the signature generation machine 23 is given to a smart card. The 
computer equipped with the reader/writer function of a smart card for the remaining 
function. It is possible to give processors, such as telephone or a set top box. It is also 
possible to give the function of SP public key temporary storage machine 24 and the 
encryption machine 25 to a smart card with the function of the SkU-P storage machine 
21, the CertU-P storage machine 22, and the signature generation machine 23, and to give 
the remaining function to a processor. 

[0089] [8 of gestalt of operation] drawing 8 and drawing 9 are the sequence diagrams 
showing actuation of the authentication vicarious execution service system used as the 
gestalt of operation of the 8th of this invention. The authentication vicarious execution 
service system of the gestalt of this operation applies the system explained by 5 of the 
gestalt of operation to server management mold Wallet for network DEBITTO settlement 
of accounts. 

[0090] Here, as a method of network DEBITTO settlement of accounts, SET (Online PIN 
Extension is included) or SECE is assumed. Although it becomes dealings between 3 
persons of a user, a member's store, and the financial institution gateway in network 
DEBITTO settlement of accounts, server management mold Wallet is software which 
operates on the server generally installed on the network, in order to mitigate the 
processing burden of a user's client SOFUTOHE. Now, server management mold Wallet 
announced will be equivalent to the conventional technique 2, and will be able to see the 
personal identification number (PIN) of the bank account which the user inputted by the 
server to which Sir BAWO let operates. Even if it enciphers between a user and server 
management mold Wallet, in order to create the wording of a telegram which transmits to 
a member's store, it will decrypt once. 
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[0091] Then, the system explained by 5 of the gestalt of operation is applied to server 
management mold Wallet for network DEBITTO settlement of accounts. Hereafter, 
actuation of the system of the gestalt of this operation is explained using drawing 8 and 
drawing 9 . For PGW, in drawing 8 and drawing 9 , a bank server (service provider) and 
M are [ Sir BAWO let (authentication vicarious execution server equipment) and AS of a 
member's store and SW ] authentication servers (for authentication between Client C and 
an authentication vicarious execution server). 

[0092] First, if an IC card is inserted in Client C, Client C pays and a user pushes a 
carbon button as shown in drawing 8 , the initiation which shows dealings initiation from 
a member's store M will be sent to Client C. Then, a user's input of a card password 
performs authentication of an IC card by authentication server AS. Client C requires a 
service log in from authentication server AS after authentication. Thereby, service starts. 
[0093] The menu which asks a user's account from the Sir BAWO let SW is sent after 
service starting. A user operates Client C and specifies a desired account. If the 
information which specifies a user's account is sent to the Sir BAWO let SW, the Sir 
BAWO let SW will perform initialization processing of predetermined between the bank 
servers PGW. 

[0094] Next, as shown in drawing 9 , the Sir BAWO let SW transmits account 
information, a PGW public key (equivalent to public key PkSP-A for codes, and PkSP- 
B), and the information on other (SET/SECE PIHead) to Client C. A user inputs PIN 
(equivalent to a personal identification number A and B, i.e., the authentication 
information of 5 on the gestalt of operation) into Client C. Here, in SET/SECE, since 
what changed the data format of PIN or PIN into the field called PANData is contained, 
this is assembled in Client C. 

[0095] And PIN information calculates the PIN related code data H (PIHead+PANData), 
H (PANData), and E (PkPGW, PANData+K) in Client C, in order to notify only to the 
bank server PGW which is a service provider and to keep it secret to the Sir BAWO let 
SW. H() here shows a hash operation and E() shows a RSA operation. In this way, the 
PIN information enciphered with the PGW public key is sent to the bank server PGW. 
[0096] A member's store M and the bank server SW are good with a function as usual by 
doubling with the wording-of-a-telegram format from the wording of a telegram from the 
usual client C, or conventional server management mold Wallet about the wording of a 
telegram to a member's store M from the Sir BAWO let SW. 

[0097] Thereby, in a Sir BAWO let entrepreneur, it can become difficult to decode a 
bank account PIN and it can decrease the risk which a bank account PIN reveals. 
Moreover, when a financial institution has a means to attest a user directly by PIN, 
clarification of the responsibility whereabouts between a financial institution when 
injustice etc. occurs, a Sir BAWO let entrepreneur, and a user becomes easy. In addition, 
with the gestalt of this operation, it is possible not to add modification to the wording of a 
telegram between the client when not using an authentication vicarious execution server, 
a member's store and a member's store, and a bank server. 

[0098] Moreover, with the gestalt of this operation, a smart card is distributed to a user 
and it assumes using for the mutual recognition between a client and a Sir BAWO let 
entrepreneur server. SSL (Secure Sockets Layer) server authentication or the SSL mutual 
recognition in the gestalt which stored the client certificate of attestation on the hard disk 
may be used. Also when forgery generally uses a difficult smart card and a bank account 
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PIN is temporarily revealed to others in a user's management mistake, the risk by which 
accounts will be settled by becoming a limitation without the copy and theft of a smart 
card, and clearing up becomes however, there are less. [ few ] Moreover, when most PIN- 
related processings will be performed within a smart card when the above-mentioned 
smart card is used as a thing equivalent to the client C of this invention, and cooperative 
use of a terminal etc. is considered, it is possible to raise safety more. 
[0099] [9 of gestalt of operation] drawing 10 is the sequence diagram showing actuation 
of the authentication vicarious execution service system used as the gestalt of operation 
of the 9th of this invention. The authentication vicarious execution service system of the 
gestalt of this operation applies the system explained by 5 of the gestalt of operation to 
server management mold Wallet's customer certification dictation profit in network 
DEBITTO settlement of accounts. 

[0100] In addition, in drawing 10 , about a part for the sequence first portions, such as 
authentication between Client C and the Sir BAWO let SW, since it is fundamentally the 
same as that of 8 of the gestalt of operation, it omits. In SECE etc., before applying for a 
customer certificate to a customer certificate authority, the customer specification 
personal identification number comes to hand by mail etc. from the financial institution 
etc. This is described in an application at the time of the application to a customer 
certificate authority, and a customer certificate authority sets this justification to one of 
the examination items. That is, the customer certificate authority will attest the customer 
by this customer specification personal identification number (it has not necessarily 
attested only by this number and carries out by, of course combining the check of the 
contents of description of an application etc.). 

[0101] In conventional server management mold Wallet, there is a problem of the leakage 
to the Sir BAWO let entrepreneur of a customer specification personal identification 
number like 8 of the gestalt of operation. For example, a Sir BAWO let entrepreneur's 
employment person does the theft of this, when it becomes a customer and clears up, it 
comes to make renewal of a customer private key and a corresponding certificate, and 
there is a possibility that it may clear up and DEBITTO settlement of accounts may be 
performed. 

[0102] Then, the system explained by 5 of the gestalt of operation is applied to server 
management mold Wallet for network DEBITTO settlement of accounts. Hereafter, 
actuation of the system of the gestalt of this operation is explained using drawing 10 . In 
drawing 10 , CCA is a customer certificate authority. First, the Sir BAWO let SW 
requires and acquires an application to the customer certificate authority CCA. And the 
Sir BAWO let SW transmits a CCA public key (equivalent to public key PkSP-A for 
codes, and PkSP-B) to Client C with this application. 

[0103] A user inputs a customer specification personal identification number into Client 
C. Client C enciphers this customer specification personal identification number using a 
CCA public key, and transmits the enciphered information to the Sir BAWO let SW. The 
Sir BAWO let SW is transmitted to the customer certificate authority CCA, after giving a 
customer signature to information from Client C. 

[0104] The customer certificate authority CCA decrypts the enciphered information 
which was received from the Sir BAWO let SW with a CCA private key, acquires a 
customer specification personal identification number, and attests a user based on this 
customer specification personal identification number. The customer certificate authority 



26 



Machine Translation of Japanese Publication No. 2001-134534 



CCA transmits a certificate to the Sir BAWO let SW after authentication. 
[0105] As mentioned above, in order to encipher a customer specification personal 
identification number and to transmit, the decode by the Sir BAWO let entrepreneur 
becomes difficult. In order to prevent the Replay attack by the Sir BAWO let 
entrepreneur, it is desirable to include a value which is different at [, such as a serial 
number, ] every application in addition to a customer specification personal identification 
number in the candidate for encryption. In addition, in the case of the gestalt of this 
operation, in addition to the function of the customer certificate authority CCA in the 
SECE specification by which September, Heisei 1 1 current public presentation is carried 
out, it is newly [ the decryption function of the customer specification personal 
identification number by the private key for customer certificate authority encryption ] 
needed in the customer certificate authority CCA. 

[0106] [10 of gestalt of operation] drawing 11 and drawing 12 are the sequence diagrams 
showing actuation of the authentication vicarious execution service system used as the 
gestalt of operation of the 10th of this invention. The authentication vicarious execution 
service system of the gestalt of this operation is applied as an authentication vicarious 
execution server of SSL authentication of the system explained by 3 of the gestalt of 
operation. The gestalt of this operation performs SSL mutual recognition, and encryption 
algorithm assumes RSA. 

[0107] Between a client and a SSL server, when performing the conventional SSL 
authentication, confidential information, such as a user's certificate, a private key, etc., is 
needed for a client. Since a cost risk etc. follows on confidential information management 
of a user in many cases as above-mentioned, in order to lessen a user's confidential 
information as much as possible, suppose that an authentication vicarious execution 
server is used. However, since all the encryption information on SSL will be created with 
an authentication vicarious execution server instead of a client when making all SSL 
authentications perform by the authentication vicarious execution server, it becomes 
possible to create the common key between a SSL server and a client by the 
authentication vicarious execution server. Now, all confidential information will leak to 
an authentication vicarious execution server. 

[0108] Then, if 3 of the gestalt of operation is applied, at the time of a communication 
link, it will encipher with the public key of a SSL server, and will transmit to an 
authentication vicarious execution server so that it may be made to carry out by the client 
about generation of the Prima star secret which becomes a SSL server and the origin of 
the confidential information which it has between clients, and a master secret and cannot 
see by the authentication vicarious execution server about the Prima star secret. 
Moreover, about the signature of the client demanded from a SSL server, the digest is 
created by the client, it transmits to an authentication vicarious execution server, and an 
authentication vicarious execution server signs with a user's private key. SSL 
authentication is attained without a user's confidential information leaking to an 
authentication vicarious execution server by carrying out like this. 
[0109] Hereafter, actuation of the system of the gestalt of this operation is explained 
using drawing 11 and drawin g 12 . First, if a user inserts an IC card in Client C and enters 
a card password as shown in drawing 11 , authentication of an IC card will be performed 
by the authentication vicarious execution server S. Client C requires a service log in from 
the authentication vicarious execution server S after authentication. Thereby, service 
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Starts. 

[0110] The authentication vicarious execution server S performs initialization processing 
of predetermined between SSL servers, after service starting. Next, as shown in drawing 
12 , the authentication vicarious execution server S transmits a server public key 
(equivalent to public key PkSP-A for codes, and PkSP-B) to Client C while requiring a 
client key (Client Key) from Client C. 

[0111] Client C generates the Prima star secret (equivalent to Data SdSSKA and 
SdSSkB), enciphers this Prima star secret using a server public key, and transmits the 
enciphered information to the authentication vicarious execution server S. In this way, the 
Prima star secret enciphered with the server public key is sent to a SSL server. 
Furthermore, Client C transmits the information which generated the master secret based 
on the Prima star secret, performed the hash operation to this master secret, and 
performed this hash operation to the authentication vicarious execution server S. 
[0112] As mentioned above, although almost all the parts in SSL authentication can be 
performed by the authentication vicarious execution server S, about the part which 
generates the Prima star secret which is the part which a user wants to make secret to the 
authentication vicarious execution server S, and a master secret, it is generable by Client 
C by giving required information from the authentication vicarious execution server S. 
[0113] About the other part, the authentication vicarious execution server S takes over all 
communication links with a SSL server. By sending the part of "Finished" shown in 
drawing 12 to Client C, the encryption communication link (equivalent to the encryption 
communication link using the session key explained by 3 of the gestalt of operation) in 
both directions can be started. In the communication link, it can communicate between a 
SSL server and Client C, without revealing the contents of a communication link, since 
the authentication vicarious execution server S does not know the common key which it 
has by the SSL server and Client C. 
[0114] 

[Effect of the Invention] According to this invention, authentication vicarious execution 
server equipment delivers the public key for codes of the service provider equipment 
corresponding to desired service to client equipment. The enciphered information which 
was received from client equipment is transmitted to service provider equipment. Client 
equipment enciphers the information which should be transmitted to service provider 
equipment using the public key for codes. When this enciphered information is 
transmitted to authentication vicarious execution server equipment and service provider 
equipment decrypts the enciphered information which was received from authentication 
vicarious execution server equipment using the private key for codes Information transfer 
from client equipment to service provider equipment can be performed without revealing 
to authentication vicarious execution server equipment. 

[0115] Moreover, authentication vicarious execution server equipment receives the 
service provider equipment corresponding to desired service. Deliver the public key for 
codes of client equipment, and the enciphered information which was received from 
service provider equipment is transmitted to client equipment. Service provider 
equipment enciphers the information which should be transmitted to client equipment 
using the public key for codes. When this enciphered information is transmitted to 
authentication vicarious execution server equipment and client equipment decrypts the 
enciphered information which was received from authentication vicarious execution 
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server equipment using the private key for codes Information transfer from service 
provider equipment to client equipment can be performed without revealing to 
authentication vicarious execution server equipment. 

[0116] Moreover, authentication vicarious execution server equipment delivers the public 
key for codes of the service provider equipment corresponding to desired service to client 
equipment. The enciphered information which was received from client equipment is 
transmitted to service provider equipment. The enciphered information which was 
received from service provider equipment is transmitted to client equipment. The data 
with which client equipment becomes the session key for cryptocommunication between 
service provider equipment or the origin of this session key are generated. After 
enciphering a session key or data using the public key for codes and transmitting this 
enciphered information to authentication vicarious execution server equipment, The 
information which should be transmitted to service provider equipment is enciphered 
using a session key. This enciphered information is transmitted to authentication 
vicarious execution server equipment. Service provider equipment Decrypt the 
enciphered information which was received from authentication vicarious execution 
server equipment using the private key for codes, and acquire a session key, or data are 
acquired by the decryption using the private key for codes. By enciphering the 
information which should be transmitted to client equipment using a session key, and 
transmitting this enciphered information to authentication vicarious execution server 
equipment, after generating a session key from this data Bidirectional information 
transfer between client equipment and service provider equipment can be performed 
without revealing to authentication vicarious execution server equipment. 
[0117] Moreover, since the public key for codes is verified based on the public key 
certificate for codes received from authentication vicarious execution server equipment 
before delivering the public key certificate for codes with the public key for codes and 
performing encryption using the public key for codes of client equipment, in case 
authentication vicarious execution server equipment delivers the public key for codes to 
client equipment, the public key for codes delivered from authentication vicarious 
execution server equipment is verifiable. 

[0118] Moreover, in case client equipment enciphers, use the public key for codes and the 
authentication information on self-equipment is enciphered. This enciphered information 
is transmitted to authentication vicarious execution server equipment. Service provider 
equipment Since the enciphered information which was received from authentication 
vicarious execution server equipment is decrypted using the private key for codes, 
authentication information is acquired and client equipment is attested based on this 
authentication information in case it decrypts Authentication vicarious execution server 
equipment can prevent becoming client equipment and clearing up, and it becomes 
possible to make the responsibility for authentication vicarious execution server 
equipment mitigate further of it. 



[Translation done.] 
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-9-- fxfiffiB#. fmm- fxtcMJE t/siuia-tf- f 
(tlx -5 fzEmm-&mm^mv^xm^it i . z. com^it^ 

S:MfafglIEmf^f-^^■^M*^^>l^rfE+^-b■■XT^A■^^■■ 

wis?!it-i>it^<, ^y4Tyvmm.fj-h^~^7^ 

muh^~^:^m%i^nh9yA ry vmutffM^z 
uiMim-^mzav^x . 

-9-- fxfiffiB^. fmm- fxtcMJE L/ifflia-t?-- f 

xrurU f'^mz^LX . mtl^yA TyV^^WM 

mi-f~^7.ru)U f'mmziiv^xmti^y^ ry\- 

izith-^xmii-f-^'xr^^uf'^^m^-^^Mmmf 
mmKnijmizti\-^x . 



mm^^mti^y-^ ryy^m^-^nm'thmrc . 

mM^y^ Tyhmm^zii\-^XmM~f~li'xr\jrs^ f 

mmtff^mi^mwMmm^ y g y^-hhuiz(7^^ 

-/>-3y^~ff}7th^j:hT~9i'm.L. mtl-^-/>-s 

mintzm^m'mm^mv^xmmt t , ^ m^it^ 
mti^yATy]-mm.fj^ ^'smi tz hi -ft s titzmm 

mia^f- fxTP ymm^zh \ -^xmmmmm- 
) <-m.-h^ tz s Kfzwik ^ m'^mmm 

^fflMTfI^^tLTmia^ryy3y^-&E#L. 

\Am'%mmm&m^fz\'m\t\zi. oiuiaT-^' m\ 

#LT, ;cOT-^;&^i^t?ia^r-yy3y^-^4)i!cf I. 
mtt'PyA TyV^^Whhv^\imWr~^7.7'ur\A ¥ 

mmz%iv^xTm-f'<^%mm^m%^■^ y y a y=^-&ffl 

V m^it L . ; iOHf ^^tS^i^cffifg^luiaiSfiEmf -9- 

lf^ia^r -y y g y^-^mv^xm^-^t^tifzwmmMm 
mm^-j <mm^- h mi a-9-- r^mh i> 

V Mi mia^ ^ ^ r y b gE^iK3M^.i. ^mi t . 
tuia^r 'y y H y^-^fflv^TBg^-fbsn/sttfg^ 
-\L7.ruJU y^mm.hhvumti^y-iTyvmm.\z 
hv-^xmij^^^mt^-^y'yBy^-^mv-^xunit 
t-i>^jiiit &*L. mmxm~^^mm.\z\mm-iz. 

[ if «ii4 ] it*iM 1 1 /iii 3 tmmmtm'Mz 
h\^x. 

y^ryvm.'^mm-m^z^ mm^^mMmhi^ 

mti^y-i ryvmw^zav^xmmmm'mm^mv^ 
tz^mti fiomi^z^ mmmim^-j^mM-b-^^n 
w.-^fzm'^m'mmmm^m^zmtm'^m'mmim 

[ if *ii 5 ] if*!! ittz\i3 tmmm\xmm\z 
hv^x. 

mtt9 y A ryYmmziiv^x^niY.i'{f3W.^z^ 
xm^\tL. zoym\t^Kfzmmm'mMmi^~ 

|f^ia^?--t■■XT^A■^ ^■■^gtfcl^Tfl^'ft^tf 3 s 
kz . mmMm^~> -mW-h^ 4 gftK o fz § 

/sttfg^ Bf ^ffl^^ffl^ffl^ ^Tfi^€ t T irriaMiiE'if fi 
^ Eff t , i toisiiEffiig ^mzmit ^yAryy mm.(^ 
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- fx tMjtE L luia^f- fx 7°n fmm.(m%^Wi 
i^w^Mis^ ^ A ryvmm^miL. mib^ ^ ^ r 

pie^ 7^ ry b^Mii. miE-9--f xrnA-^ r^n. 

[|f*il7 ] ■9--fx^tififct-S-9--fXTnA-^ 

-b-xfm^S(ti> ^ ry fg^t . |fria-9--b-x 
Wismit 'pvAryvmmz\^h-->x mi a-9-- fx ru 

- f X t:MJtE L/S tuia^f- f xTn A'^ ^--ggt^M L 
X. mlE^^^ryhSMtOBtWi^lBa^iEiSL. m 
IB-9-- f XTnys'^ r^EA^ li-gftEo /-cBf fitz 

'iffB^fffia^x^ ry bMg^teMt-&^s&*L. 
fria^f-f xrn^s-^ ^-M^fi. luia^ x^ ry 

fzm'%nMm^n\^x l , ; cost ^^ts ti/i 
3 1 ^ < . ^f- f xTPA-^ ^■■gg*^'?. ^ X ^ ry 

^^^^'IffgfeM^ff 3 ; t &#Stt-&MliEmf-t?--f 

xi^Xri^o 

[IM1I8 ] ^f-f x^tifitt-|,-9--f xrnA'^ 
S^t. f[fa-9--fXTnA-^^-S^tg^§^/S, 



-f xfm^Stti> ^ x^ ry NM^t , l^ria^?--f X 
f'mmt^y^ry y^w.t<Dm{zmif^.tif^ 

m^mm^ x^ ryy-mm^zithnxmrn-f-iixra 

) -^A f^m.t)^ iSiiE^ g(t IgfiEmT-tf- f X ^x T A 
\zii\\x. 

- fx tMJE L/i mia-t?-- f xTn^ M r^m.m%^m 
^w^mia^x^rybSg^ieML, irria^x^r 
y vrnw-b^^^mt-^ /iBf^^Ls fi/sffiis^ pfB-9--f 

XTPA-^ ^-B^^fe^IL. fffia-if-fXTPA-^^-B 

m^^^\mntin'^\t'^fifdmkm\%^'p V A ryv 

mni^yA ry bSMtt, MIE-tf-f xrnA'^ 

fc ^^rHi^^Bf -f-afiffl-f V y 3 y^-S) I) V m ^ co-t ^ y 
ay^-07ut^l.T-^^4)tL, mlB^r.yyHy^ 
I. V ^(ir-^ ^ miBfgliEmT-tf-A-gM*^'^g(tE 

f XTOA'^ ttfg^iuia^r -y y a y 

luia^f-f xTPA-^ r^Mii. ffiamt^f^f-^^'M 

V ^Tfl^-fk LT mlB^2 y a y^ - L . I. M(i 
Bf^ffla5SiiSrfflv^^cfI^{[it J; Dluiar-^ t 
lcr)T-9fj^^mMZ^'y'yay^~^:^!^Ltz'ik. 
mM^yATyy- gg^iIflt-< # 'If « & fria^r 'y y a 
y ^ - ^ M Bm-it L , ; c7)Hf ^€ § ix^c ffilg ^ tulB 

-r\mm^zim^-t^^k^j:<. i'yATyhmmt^ 
-f xrnAw mmm(0Miimwm^Mi:'Aid z. t 

^#at^l>ISIiEmT-9--f xyx-fA, 

[ iMii9 ] IMJI6 ^ /■ci±8iati«iEmT-9--f 

xyxrAt^iiUT, 

miaMttT-9--A-ggii, mtim^m-'mmmti^ 
yAryvmw^m&thm^z^ mtim^mMmt^ 
i^zn^m^mmmm^mm-h^m^L . 

fzimm'jimmimmm^zmnimnmmmt:mEt 

[ if *ii 1 0 ] if *JM etfziis mmmmxn^- 

fxyxrAtci^i^T. 

mm^ y A Tyvmmii. irriaHt^^^^Ta^t;. 
gi^MiiEffifB^ffliaHf ^ffli.^r«^ ffli Bf L , z 
m^itwz'mmmmitm~^<mu^'-mmi- 

luia^f-f xTPA-^ mmii. mmm^itmom 
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fx 7°n f^mm^)^ ^ mm & g(t i. trnM-m^-^ ^■m 

- fx tMJtE L luia^f- fx 7°n ^-ggiOHf ^ffl 
^< , Wg^'fk§n/Stt#SrplE-9--fXTnA-^^'- 

itmm 1 2 ] ^f-f x&^mt-l.^f-f xTPA'^ 
^Mt-tf-f xfm&^ft I. ^ x^ ry f^^t iorei 
t:|g(t4ix, MIB ^' ry b^Mti-fti^-^TMIB-tf- 

m^zax^x. 

- fx t:MJtE L tulB^f- f X Tn A'^ ^-''gMt^M L 

mnm'mm^:m\-^xm'^iti^Ktzmmmm-~\z 

umm 1 3 ] -^--f x^ tmt-i.-9--f xrnA-^ 
^'-^Et-tf-f xMft^gft^ ^ x^ r y b^^i; oral 
tisft^^^x. Mie?' x^ ry hmmizith-^xmm-f- 

mzav^x. 

- fx tMjtE L tz mm^~ f X TP ^-ggi^Hf ^ffl 

fflia^ y A ry\-mm.^w:ikL. zm^wk 

I. ui± ; -y H y ^-c^Tt: t I. T - 3^ ^ fria ^ X 
^ ry Ymm.ii^h^\m o , Bf^fflS5SfflS:fflv^/-cfi^ 

^l:^^fi9^i:l.^< , mW^^\t^Kfz^ -y h y^-J> 
I. uiir-^ ^ tulE-tf-f XTnAW ^-^^^1^31 Lfz 

mm^'y'y ay^-^mx^xm^it^tLfz. mm^ 
y-iTyhmmfj^^mmmiiv-~ii'xrn^i-i 

\t^tifz. t?iB-9--f xrnv^-^ f^m.t}-^i^ommm 
it'^yATyvmmf^mkth^fk.^^^h z t imm 



I mmn 1 4 ] it*ii 1 1 ^ {± 1 3 f Ea^^MlIEft^f 

^-^^mUiziii^x. 

mmmim^-^ <mmii. iffia ^ x ^ r y b ggtcfr 
mm^mikmmiommmh^iKK , if[iaBf^ffli,^iB 

umm 1 5 ] -9--f x^fm^i.-9--f xxnAw 
^■■gg t - f xfm ^S(t s ^ X ^ 7 y h t cT^m 
{zM.\i^fifzmmxm-rmm.ifimti9 y^ryhm 
m.iz\-xh'^xmm-~^xruJiA rmmt-^Am^^ 
ft !> MiiEmf -9-- fx^x^Atfcft I. luia^ x^ ry 
vmuxh-^x. 

mmmm^i^-^ ^mm-^ ^ x ^ r y msiie ^ gtt i. 
fz^<7^m^i^m-m^m.^mmitz i c^-k 

l^^iB^?-- f x rn ^-gM^Mfit-^ ^ ttffi ^ Bf ^ffl 
^mmmv^xm^itthmmt^nt. mibi c^- 
F t j; -5 T ^feRgs tLtzm^mimmm.im^~j ^■mm.^ 
MIL . mmimx^^^-^^mm.ij^^mm^Ktzm'^m 
mkm^mt-^xmtimmt^^k'^m l . miBBt ^ 
it^mz i-,x mmt § titzmm ^ mmtmm^-f 

zhmwcth'7y-iryvm.. 

[if*il 1 6 ] -tf-f X^fm^l.-tf-f XXnAW 

ymw t -9-- f xfif* ^^(t !> ^ X ^ 7 y h t coPhI 
t;ia(ti^ii/-cmttT-9--A'gM;&iiuiB^ x ^ 7y 
gtftioo Tifria-9--f XXnA-^ ^■Bm^^.MliE&S 
(tl>lgiiEmT-9--fx ^-XrAtit^ttl.lulB^' x^ 7y 

mmtrnKm-^ ^mm^ ^ x ^ 7 y msii ^ sft i. 

/iS^coW:&^4figt-|>W^4fiS^I5t. mlB-9--fxT 

rmf^m-f'^tmrnn^wmmw^^x 
m'%\tthm'^m-wh^mtfz \ cfi-Yii^hts:hh 
nz^ 

miB I cf]-Y{zi.'^xm.^Ktzm^m\tmm.m 
^-^w^rnt L , Mi BiSfiEit^T-9--^ <mm^t^m% 
§^i/-cBf^ffld,^iBii^g(tiX'3Tfffa I c^- b^ffiti 
luiai c^-Kt;j;'5TBi^'fb§^/-cttig&ifrfais 

mm-^ti:hztmmh^h^y-iryhmu. 

[000 1] 

^■■ggt x^ Tyymw}:.^mzm.n^fitzumm 
^~j^mm.t-9yA Tyvmm.{z\-xh'^x^~\zxru 

-f xi-xrA. mmx^i^-r^^wm^ y -i ryv 
mmzmti>{.(^^xhh. 

[0002] 
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Mi.H'^^°-Xy-H\ RSA (Rivest. Shamir and Adle 

man ) tj: H (rymmm^if^i^zm mmm. des 

(Data Encryption Standard) tct'^i^^mjj^iOi^'^ 

[00 03] Miif. HI 3t:5;f J;5t:, S)^^^^ 

) s P-At: i oTtm§ixl>-9--fxA t-tf-fx 
rmH ^^-'s P - B d '^Ttms^ii.tf-fxB t:^ 

u-Atsku-Bimfnix^y-^ryhmuimf 

mi3l,Z}5\-^X. Ce r tU-A, Ce 
r tU-Bii. ^tl^^-tiafg'IffgSliU-A, SliU- 

B miL'Ltzmmmx'h i> . ; commmnir^^zx x 
li^^mxhi. mui. mmm^u^xn. mmwrn 
s kuammm. c e r t uwmmimmt^j:^ . t£ 

[00 04] m^xh^-^y^r^rU f7SX^y-f TV 

vwk(^mmz^mMo<s.. rn'mmm.^ n-\,z-fh ^ t 
M^mxhh. mm. m\ 3\zif-.Lfmxmm. ^ 

- fx r s'-Y ^- S P - A t S P - B iS^^^m^ftOil . -9" 
-fxrnysw y S P - A(:M^§IB#|f fgs l£ U - A 

(014) » tftt:, ffiac^Mt'^-SStTC0 2'3C7)-t?--f 
x-r-*^H'. ^g^^omST1i^f-t■xT^A■^ ^'s p - 
At S P-B(iR-T-J^|,/-cfc. ^EfiibSiS^W^T-J) 

^Et- !> i t \mmxh 0 s^6<jTi±5: ^ \ "p^Ary 
vc{z%mmm^Wiitm.<p^w\oMv^^^. %mmm. 

[00 0 5] 9y-i7yhmmzm-fi>MWhhm.m 
-wcr !> t , mmM ^ \mm\zmmh ^uz^ 

D . n-ommWAz j; 0 fgfiE^gtt !> ^ t *%tg^±l 

^tj)i>„ m \ ^\z7kfi.o{z. %mmm.[zn 
tu&m^mmM<zK - a3^i,i^{±ca-b ^^mt 



L. ^i^MflEiiCA-A, CA-Bi?)K^McMLT 

§ kzHmmmMiC a - R*i|iEHi5#^MTt-i. . 1 1 ^ 

TPA'^ ^-S P-A^0S}^ffifgtMt-|>fgilE7U-fc+^ 
-h■■XT^AW ^--s p -Bo%m%m.^z^thwm.v y 

-*^'±{4t:*3V ^T3c*^^f -5 T V K#[f IB S 1^ U 
- A j; -9 T -9-- fx 7°ny s--< r S P - B fx ^ 
^Sffit't:|>±|-^/&^'tfcl>„ HI 5t:i3UT, CA-A, C 
A - B (i^f-f XTP S P - AW- f X Srgtt 
l>/i:fci^fgfiEi^, CA-R(ifgiiEJ^CA-A, CA-B 

ffyHWMWm:hh . ifc. ca-a, CA-Btc 

A - R t to c^irBl J) !> I. C A - Rt0±f5 1 ffitOlSfiEii 
*^'ltft-tl>±|-^t)fel> o -tf-f XTnA'-f :?-S P - B 
fi:. S^^^ryb OiSliEJ^T-S) !> C A - B a)UM%U 

ii C A - R ;Oi|g|iE t T 1/ ^ !> C A - AtOMf t /-cflEHJ* t 

1 D , IBS'lf IS s It u - A ^fflv 7 ^ r y MStiE^ 

[0006] HI StOti'&tliol/^T^j. ?)J^(9>l)-9--f 

xtoMiiE7 y -t;3£*^s/i^i> z. t immx'h o , t 

fz. iiif^.i^^'^fztLXh. ■i^^:i.0^^coM^com^-^ 
ft: J; D ^-t^L ^.-tf-f xfm^^'^fg t (iPfi^^i 

^^•9. ^x^rybc mixh h t^m^-^ tz t lx 

t . ^?--f XTPA-^ rto^jitt j;oTii-9--f Xffiffi 
b IStiE*^'^^g*^ifcO-t?-- fx ^ gft !> ±1^ . ^ 7 ^ r 

y b (i. #-9--f xt^MjtE t^ca wifsffifg^ i^at- 
I. mm hi . t^^ozt fj^-&mizi±m ti. iz 
xn. \5i-mmm^zx mm^rn'ri z. t t^x^ i> 

ti^^ r-t;-_h-xc7)ig|iE#;9^*^'N-j tBfi^^ttt- 

Kmz. ^-commwmizxmmi:^nizkti^ 

rHf_b-xMiE#:^^iMil>j 

[0007] -mz. %m'mk^mwm^. Rmmm 
mimv^x^^ATyYmm.i^nhmm.i^y-i7y 
YC{zm^-fhzixYit±^<. mmm~^xmL 
xmm.mm»m^m\^hi^^{z\iwjz±%<tj:^^.^ a 
mmmmm^zmLxmm. ^^i^mmm^M^Ltzm^ 
izitv- f X ^g(t tii < i -5 T t s 3 1 1 ^ ^ mmfj^ 
^ t . mwwm^m^ ifzt^^^zmm ^y^ryvf? 
n^7Ary\~{zts:r)-ft-fimti^hhtz^. s^ffiit 

mm^mmmm^'mt^mi^^zii. «fi^co c> m) 
zixYti-±%<^j:hi.{z. mmmm^zxnxit. Kti-h- 

[0008] %mmm^m\^fzi^^4Ty]-mmmm\z 
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[0 0 0 9] :L<J:>i.3tj:^ =! ^yyy^i^^oMS.. t 

9vAryv'^mmmmth%m'mm.^'yti:< t 

^3o*%|,, 

xvMtB&mmti. 

[0010] mmmi 1 {±, mi 6 izji^tx o imi 
m-f- t'xf^fjt pjf s p coimmt h H 

mfi-ikLX\-^tj:t^-^fzi§i^t<Z^ fgiliiCA-AO, C 

A- B 0 n±<7Mmmmkmtf^ ; t x\ n~<7m 

#lf#t: j; DiSliE^g(tl> ^htj-^Xt ^ztlli^ 

Xhh. mi 6{Zi5V^X. CA-Al , CA-A2, C 
A-Bl, CA-B2iilSliEM. CA-AO(i:ISliEJiC 
A-Al, CK-A2(r)±ML(^MMM. CA-BO{ifg 
liEJiCA-Bl, CA-B2 cO_hf4(7)|gfiEJiT-fe l> » ^ 
- fx TP A'-f ^- s P - B ii , U^y-iryV c^MMM 
{^J;tH'CA-B 1 ) M5fgiiEiiCA-B0tffii0± 

MiEi^c A- A 0 1 ffMxMmmmtiimL-th z. t 

J; D , s k u - A ^ ffl M/i ^ ^ ^ r y MSliE 

tmm^^~i^yr^juf'<7)^Mmm^'mx$)h 
[00 11] m^mrzii, mi nz^.i-xdiz., 

A ry Vc.mm^h-^(^)m^mkn\z^<^yWyWM. 

w.m:(mm%m.. imm. crl (^wj»yx 
y y mm?'mA^~ fx \z'~j\^x\mmx{i^~) ^ s 

h^^-\:7^ru)\A ^"S P -A, S P -BrHlTlSliES 

a :s-5^T-* mii\,ziiv\x. sku-p \mm\ 

Sffi#T-S)l>„ ;c^Wgtt#SkU-Pt:o^^T(i:. ^ 



'If IS S k U - P t^MJE L/iliE0J»T-?) I. „ i i^fiE0J»{± 

\t . m^mm. s k u - p mmm . c^rw^-vwk 

[0012] #*Sffil tit^TlStiE 

^mKm-r^s\iMm^fl-f. ^y^ryhctix 
m^^iumm^m'mhi^^xhh set (secure 

Electronic Transaction ) ^SECE (Secure Electr 
onic Commerce Environment) (CliiVi'CtiflJffl^lSilE^'' 

mXm-ri^zm^h^^ifi^'^^KXii 0 . 
\t^flXV^h. 

[00 13] WkwmM. mi Steffi at;, t?-- 
f xTPA'-^ ^'s p - A , s p - B:^)^/b ^ X ry MS 
fiE^gtti.St. 7^ ry h ctoM^ttlg^ffli^i, 
coTii:^< . mmxii^-r-<'s,mo%mmmi^ k p ^ 

ffll^l.*3^:T-*l>, Sl8(:fc^^T, CertPfii}^ 
'If |g S k P (;MJE t/-cliE0MT-|) !> . O ^ 0 . ^f- f X 
TnAW niiJA^'^ii. iSliEmT-9--^^'S*^-9--f x^g 
(tTMl.j;a(:M;il>o ;f^#*Kffi3t1i. Wkm^ 
2hWmz. #^'x^TybC{±#-9--fxtMJiGt-|> 

i}#ifig&«at-i.^^^ii:^< . i /^mt^T^?--v^■s 

(:^l., 
[00 14] 

[%0J«*tJ;3 tt-|.ilM] L^^t^^itf., Iil±f0 
2 . 3 (:(i , lilTi^ J; 5 ^ 3 -^c^mm 

mm^.i : ^'x^rybcfc-'f-fxTnys-^^-sp- 
A, sp-BreiT-^D t 'oth-'Ekxmmmm.mi'f 
^ s \z:mmh . ^y47yhc^ztnx imitn-^ 
■^■ s \±mwx-% h ^^xh h is^ . -9-- fx {zx.-,x\± 

■^f-fXTPA'-^^-S P-A, S P-Bt^tg t t9-tl> 

'lfli&SfEL/s^^*i^^%i>, Mt, ^^^ryfct 

fgiiEmftf-^^'Si^rsl fgliEmT-9--^^'S t-tf-f XT 

n r s p - A , s p - B i^rai ^ -enmsf ^-ft LT 
V ^/-c fc LT . mttf s nx\mm.wm\t'^ 

* 1 \mmi 2 . \mmk 3 '7m^\z^mh h 

xhi, 

[0015] rami- 2 : mmmi-t-r^st^^'y-iTy 

hC^Ztc^tt L/i*l^. -tf-f XTPA'^ ^-S P - 
A, SP-B(iijT1±5ligT-^^:^\ #*tS»2(:i3l^ 

MiiEmf-9--A's{i. ^'^^ryhSf^'iffg^fm 
bxv^ifz)^. ^^^rybctiot-^t-ifc^^'^tg 
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-\L7.r'nrU f'SP-A, S P - B :^)^ 4 iftflT-^ l> 
ifiM^-fht. •f-U'xrnrs-i f'sP-A, SP- 

th^Lh m\^.^^t h t , ^(m.'mmm'kmmK 

[0 0 16] : ^^-fryfCt-if-fXTn 

A'^ S P - A , S P - B rHTt-tf-h-X ^mkfh « 

^^--sp-A, sp-B(i, mHXi^^->'<^n^om 

■5, -^--fXTnA'-^rsP-A, SP-B 

icoTh^. ^m~^xi^y4Ty]-c{zm\ih9. 
fit, ■9--h-xj^ji^^^^rybc*^4SKt-i>«ff 
^msfiEfttf ^' s t ^t-i ^ { {z± t !> 3 

< h (a 1211^7-9-- A' s 

m^mm-thti^i^z-^i^tif-ho^-^ . itmzmth v 
A ry vom'^iwmKii^-mzi. "^m^loo. m 
laraiffl 1 . 2 st^r^iM * 3 ^ iifftt-i. ^ t ^^'t- 

'm-^^^mwm^yAry vmw^mt-fh ^ t ^ s 

[0 0 17] 

[US* ] t^%myWm.miH'& 

f'xfgffi^gtti. "pyAry v^m.h (^mzm^^Aitz 
mmxAi^-) ^mm^'pyAryv'Amzi'K.hnx^- 

oM^wmm i msmm-f mm- ^^^Aryv 
mu^m^fh^mt, ^^Aryvmrnzhux^- 
fxrnys-^ rg^^Mfit-<# 'If fg^fgiimf-t?--^^' 

lit , "pyAry Ymm3i^ty'mm'^fm^\t^fifzm 
mmmm^-) mm- fx7°n a-^ rmm^ 

m%mmim^-^xwj\t-fhmwc ^^^hho^xh 



)mm-^.mkfi.mM:c . ^f-f^rnA-^ fmmz 
iiv^x9yAryvm^^TMt-f^%mm.-^wmxm 
-rmm.t)-^.mm-^ fznwkxmmv^xn'^\Y. 

t-i>^jiiifc . ■'f-fxTnys-^ fmrn-hmm-^tM 
'%\t^titz>m.mm.m^-rmm-^,7yA ryv 
mm^mmt 1. ^ mi t . "^yAryymmzav^xmm- 

m%mm&m^m%^\Y.-^hmwc^^^h %(^yxh 

[ 0 0 1 8 ] i/i, t-%mommxmmi. -9-- fx 

^MtOBf ^ffli^^lBiiS: iSfiEmf -9--^ ^'^M*^ ^ x ^ 7 

yh^^^BdjM^i.^iit. '7y-iryv'm.\ziiv^x 

^-yl^^y^~hh\ ^iir - ^ ^1211^7-9--^ 

mm-t,^\m-> f3%^wkwmmv^xn'^\t l , ^ 
lit, ^x^7yf^m^^.gttEo/-cBf^^b§^i/stt 

$EjMt-|.^lit , tf-fXTnA'^ ^'-^MtciSMTlgiiE 

mmmw^\ ^x\%^\t txf v ^ 3 y^- ^ m#l , 

%\^x . z'nf-^ii-t^'zvy By^~^>^mtm%. 
ryvm^hhvm~}z7.ru)U rmw. 

tCfel^TMfit-^tffifg^^r.yi^ay^-^ffll^TBf^ 

ft^s^iit , -yy 3 y^-^mv^xm^it^Ktzm 
mmmim^~fmmj-^^~^x.r\iJUd'mm.h 
hUii'xATyvmm.^mm-fh^m.b. ^vy^y 
^~mv^xn^\tMltzmm^^-^7^ry^^Mf^A 
m.hhv^M'pyAryvmmziiv^x^m^^th'^'y 
y 3 y^-^mv^x'<m\tth^my- mt^^^o^xh 

[ 0 0 1 9 ] i/s, if%mmmim-^mc^imm\}i 
Lx , m^m'mmmmxi^~jmm-t,9yA 7 
y vm.^mm-hm^z^ m^mmmtnzmwk 
mmmm^Emthmw± . ^xAryhmm^zhv^ 
x^^m{kfmmv^tzm^ml^m^z^ mmm-f 
-frnm-^mm-o tzmnmkrmmm^immn 
mkmmMmth^mt coxh tfz. 
^mMmMiiXiiimio 1 mmi tix. "^xAryv 
mmzav^xn'^it^'i'iomz. za^^yAryvm. 
mmmmw^nMmmv^xn'%\Y. l . ; 
\t s fitdmm. ^ mwxm-^ mm^mm t ^m. t , 
^?--h■■xT^A■^ r^m.^zhx^xm'^miomiz. it 
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[00 20] tfz, ^IgHHcOfgfiEmftf-f'X^'XTA 
t LT, mtff-9--^^'^M ( S ) (i, tf-fxt^f* 

y b mm^ t^9.\m tz m'^it $ titzmm ^ -9-- f x r 

(C) ^f-fXTnA-^^-Bg/\Mfit-<#ffifg& 

mm.im^-^^mm.fj^^'S\m-^fzm'^m'mmim\ ^ 
xm^it L , .zmmt^Kfz'mmmimxm-r^^A 
m.'^mtfh^m^L. ^-\LxruJUfmu (s 
p-A, sp-B){±, immf^-^ ^^m.t^ h g \m 
-^fzn^\t^Kfz\%mm^mmm:^m^xm\tt 

-fX^-Xri.t LT, ISfimft?--^^'^* ( S) tt, 

-9-- f xigffiB^ . fx kznm l /i-*?-- f x r 
u)M ymm^zn UT , ^ X ^ ry bggiOHf ^ffli;^! 
m^tm L , -tf- f xrnv M rmii^i^^mt-^ fzn 

^f-f xrn^s'-f ^-^M (SP-A, SP-B) 

i mmt^fifzwmMmx\i^~) <mw^mt-th 
^I5^*L. ^x^ryhSM (c) (i:. mtff-t?-- 
) t,mm n tzmmt $ tifzim ^ m^mmmn 

[0 0 2 1 ] tfz, *^0J^OMlIEmf^?--f Xv-XxA 

k bx. imim^-r^mm ( s ) {±, ^?--f xfif* 

fm<^^~ fx (:MJ£ L /i-tf- fx r ^-^ ^--gg 
i^Hf^m^l^^^x^ryb^M^SdilL. ^x^r 
yhmmii^^^mm-^rzm^itBtLfzwm^-f-^'xr 

fzm^it^tifzwm^ ^3Ary\- mmr^mt 
^^gs^L, ^x^ryb^E (c) {i, -tf-fxT 

nA'-f ^■'M^tiOrBliOBf-tafiffl-f 'y y a y^-J)l>l^ 
i±;i0^r-yy3y=?f-t07Cfc^rl>T-^&^feRJct. ^r.y 

y 3 y ^-fei> V ^iir-^ ^fgiiEmf -9--^'^^*^ 
(tjx-^ f3%'%^^mm^\^xm'%\t l . ^ ost ^-rt^ 
Kfz>^mkWMKm-) <mM/<mt t /-cs. -9-- fx 
ru)U fmw^jMtt'-^^ 'If fg^^r y 3 y^-^ffl 

^g^iMftt-|>^l5&^rL, -9--f XTP^-^ r^g 
(SP-A, SP-B)(i, MliEft^f ^mm.-h- 
(tlx-:. /iHf ^-fbS Bf ^ffla^a^ffll ^Tfl^ 

jtLT^r^yay^-^E^L. J^I>M{i:Bf^ffl»@ll 

h'^v'ysy^-^m.Uz^k. "pyATyymm.'^m 



^it-<#'lffB^^r.yy3y^-^fflv^TBf^'^tL. 

[0022] i/s. *^0JiOfgiiEmf-^-f xyx-fA 

m'PvA ryv^m.'^tmfmr^. m'^wktmh 
nzm'^mMxmm^wm-th^w^^ l.^va 
ryv'm.\%. ^'%mkm^^m^^fzm'%\Y.mom 
\z.^ %mm'^^~)^mm)'t^mm'->tzm'f^WJMmt 
m^^mzn^wkfm^mtth^m^th h o^x 
hh. %tz. *%BjioigfiEmf-if-fxyxxAioiii 
m\kLx. ^vAryvmmi. Bf^'fb^^f^^^;. 
^^m.oMwmm'^wmmmv^xn'^\Y. l , ^ 
m'^it^fifzmmimKm-) <mf<mwfh^ 

llS^rt, ^?--fXT^ysw^■'^Mii. ^I^'^b&^fa^ 

t:. %%mxm~>m'm^t^mM-^t:m'%\t^Ktzm 
m.im^mmmk%im^x'm\Y. bxmmmm.^wM 

L. ii^fgfiE'lflgSKt; x^ ry b^gt^lSfiE&tT5 

^m^^hi^o^xhh. 

[ 0 0 2 3 ] i/i. *%0j0fgiiEmf-^-A-Mg ( s ) 
ii:. -9--f xfms§. ?mon~\L7.{zn^hfz^-^ 
xrvirsA f^Mwym^Wkmm "^^yAryvmrnf^ 
wkL. z m^mkmimmv^xmmt^tifzimi 
^yAry hmufj-^mm^. m^mmm^m^^fz 
mit^:nh^iK< . mnit^titzm^-^-t^'xr 

tz.. ^mmimiw-t-r^mm is)ii. -9--fxfs 
im. pmc^^~^^xmmLfzv--^^xr\3r^A ^^m 
UizMLx ^yA ryy^m<^mnmmmmm 
I. zcom^mkmmim^-^xm^^t^tLfzmmi^- 
f xTpy ^A rmm^^ ^^mm d . m^mm^m^m^-^ 

fzmitHlh^^^< . BmititifzWm^: ^yAT 

yhmm'\mmt^^m^t^ h(7)x$)i. 

[0 0 2 4] ttz. :^wmtmiwv--rmm ( s ) 

(i:. ^?--f xtme^. FJfat^^f-fx(:MJ£L/s-tf-f 

xrnrsA rmmcom^mkmmi ^yAryymm'^ 
mmt. 1 m^mkrMmm^^ximit^tifzmwM 

fiffl^r 'y y 3 y^-J) I, 'y y 3 y^-cr)Jtk 
^j:tT~9ii^yATyY mWifi ^^\m 0 . Bf ^fflSf 

>■ By^~hh\AiT~9^:^~\LxrnJiA fmU^ 

mtLtzm. ^-/'^By^~im\-^xm^it^h.fz. ^ 

yAryvm.-h-^t^,aMm^^~^x.rTi)\A f^m/^ 
Wkfhhnz.. ^v'ysy^~^mv^xm'^\t^K 
fz. -9--f x7°nA'-f r^m^^feto'iffg^ x-f ry b 
mm^mmti^^^i^i-ihcoxh?^. ttz. *^0j 
t^isfiEmf mmco 1 , ^ X ^ 7 y b 
^zm^mkmm(omE^:'^ih^^^^< . s§^mrmt 
mzm^mkmmmm^:^yA Tyhmm^^im-ti 
^m^t^hcox^i. 
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[0 0 2 5] tfz. t^wm^y-^ryhmm (c) 

tfz. ^wm^'y^Tyhmm (c) ti. isiiEfttf^f 
-rmm^^i^^i' y A ry MSfis gtti. tz'^'^m^^'^ 
mm^m.^fk t . -9-- u rm/^mm 

mt^muzicti-Yt^h^stbnz^ ic^-Kt 
i.-^x^^k^fltzm^mm.ixm~r^m/^m\tL. 

^tifzwmmmim^-r^mm^mmt^m^m^^^ 

[0 0 2 6] 

iwmmmmm.] Lmmmmcoi] mz. 
commmm^z-jv^xmm^mmbxtnmzmm-ti.. 
m 1 ii^mmm 1 (ommmm tt^h mmm-f- f 

MSfimf -9-- fx v-Xr A(± , 2 J) 

h \ ^mmm 3 1^*. \ ^x , isiiEmf ^'sm ( m 

T. fgfiEmf-if-^^-t^t-|>) S*«cO-9--fXTn 

fuym^im. ^-\f7.rujuymt^^) sp 

-A, SP-BiOd;^|liliPk SP-A, PkSP-B^ 
Ti3#/iVv[f|g^;i7)^^PFll|PkSP-A, PkSP- 

t'xrnA'-^^-'sp-A, sp-BtMfiL. -9-- fx 

Tny r S P - A , S P - B fK^li S k S P - A , 
SkSP-Bti; o Tfl^-fL § it I. i t T\ Mttf 
-^^S{z\mm-l^hts:< . ifyATyVCt-h^- 
^"S P - A , S P - B^cO'lf fglEjM^Sil 

thh(r)Xhh. 

[0 0 2 7] Hf-fXTnA'-^^-SP-A, SP-Bt 

ioflXV^h.mi^ZhV^X. PkSP-A, PkSP- 
B It^tl^tl^- f'XTn^ U^QP-A, S P - B to 
Bf^mW. SkSP-A, SkSP-B^^im^f 
-\z7.r'nrU f'SP-A, S P - B cOHf -^fflffigHT- 
ht. tfz. SkU-A, SkU-Bfi-e^xm-tf-f 

XTn^s'-f ^"SP-A, sp-B*^^,^?--h■■x^g^tl> 



/ii^t^a^'if $g. s k p iimttftf--^ ^' s uMmm 
mmxhh. ifmmoymmoyy7-^i^±m^mmzn 

JEt-|.*T(:to*^^Wi. S}«'lf|gsku-A, sku- 

B sffli^T "py-iry \-c<mm.WAThfi. \ms:m 
kznmh-Hi^o^'fV^^zM^ ffi#if#s k p ^m^x9 

[0028] mz. ZCOXo Mimftf-fX^'XT 

s(i, ^^^ryhc ^^SiRt- !> -9-- f X jK t T 31© 

^r-tf-fXTnA'-^ r S P - AtOHf-^ffli^^HfliiP k S P 

-Ai^y^Tyhc^zmm-fikiiiiz. zco^mmp 
k s p - A ^ffi-, fzwmcoEmimT<. mmmm^zmB 
Ltz^coimm^mmti. s§^it^hfzwmmm^^ 

ix/i'lf fgoigfflg*^ ^y-<ryhC{zMLxnOo 

[ 0 0 2 9 ] iiT\ mm'mmmbrz^comm^ 
mmti t i± . mmmmi-f- fx 7°ny s-^ r s p - a , 

S P - B T- 1 UmtX ^ V ^ JF^M^^mt" !> MJl^Og^ 

[0030] ^ 7^ ry h ci±. isfiEmf^f-A'stow 

ffi|g&i.^iHiiP k s p -A^ffl^^TBf^^bt . mmtt 
rzimw£im^-r<s^zmmi'i. ttz. 9yAT 
y h c(i, mwmxzxmn.bfz^'^M'^mm'mm 

[003 1 ] mttT-9--A's(i. ^yAryvci)-t^ 
mt^fifz'm.^mm'^ . i0ttfg^^f-f xtpa- 

A f'S P - A/\|ejS^I> t^tt:, -tf-f XTnA'^ ^"s 
P-AtMLTfl^-ft^^^ffo „ ^f-fXTPA-^^- 

(tE 0 , ; co'[f ^m^^tmmm s k s p - a ^ 
m^xmitti. 

[0032] ^jLX. ^yATyhCfj^hV--'ti'xr 

n r s p - A^<r)'mmmix^i-f-^ < s mm 
i^t m±x'^ . ffliEr«iM* 1 c'jmm^^mM^m^ 
t:^!., i;j±cDmimmxi±, ^-a-xtmm 

- f X 7°n A'-f ^- S P - A t i; -5 T !> to t ^ 
TilJ0JtT^^I>^\ -9--f xfm^^^f-f xrnA-^ r 

S P - Bt: j; -^Tffi9ixl>*|^t:(i;, i.^^1l|P k S P - 
A^iXh^^zPkSP-Bi)mv^^,tu ^yAryhC 
i^(^,cr)imi^^~^'xrnr^^ ^ S P - B tteilS^. 
tf-f XTnA'-f ^"s P - Bi^'KfSllS k S P - B ^ffl 

[ 0 0 3 3 ] ifc, miefff^^LS*, SfEfffgt^MiSL 

fz^c^mmm^mmTc. m^it^h.fz'm&tf^m^fi 
fzimco'MMiwmi. "pyAry h c^^g^e^J^^^f ^ ^ 

-f X7°nA--f ^-S P -A, S P - B;^)^g^e^J^^^f ^ i 
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[0 0 34] tfz. -if-fXTpy^'-f ^-'SP-A, SP 

p-A, sp-B*^^,^^^ry^lstiE^g^tl.^^^l 
(«#[fl8SkU-A, SkU-B$,i,uiiSkPt:j: 

A , S P - B ^cDilfl^r f ) I o ; (^Mm 

li. mmmfv---' ^si^zxi ^Amm Pksp-A, Pk 

S P - B t^ffijM*^ A>-tf- \lX Tn A'^ S P - a , S P 
rnJ<-! fSP-A, SP-BtiS}M^I>B§.if, S)l>V^ 

[00 3 5] [ mmmm(^ 2102 ^^^Hgc^m 2 
t-7-n -y ^ . ^mm<^mm(^imiiw^~ fx 

v-XxAti. |r|}iE£0|^^*eW2feSt^(i:|^*efll3t;i5 

V . fsiiEmf ^f-^^' s 5 ^ ry b c co^jkmm p k 

U' -A, PkU' -B^^-liXrnJU fSP- 

A , s p - B tffiii L , iMmf ^f-^ s Lx 
mfzvmm^^(^'Ammpk\j' -a, Pku' -b 

2rfflV^T-tf-t';^7°nAW ^"S P-A, S P-BtiT-Bg 

Mf -9--^ s' s *i ^ ^ 7 y b c t;}Sfi t . ^y-(Ty 

hCT«liSkU' -A, SkU' -Bt:J;'5TfI^ 
tf-t'XTn^^'-f ^"SP-A, SP-B:^)^4^7-f 
[0 0 3 6] ll2tCfcV^T, CertU' -A, Cer 

tu' -Bii^ii-e'ix-9"-t"XTnA'-f:^-SP-A, S 
p - B t:Mt-|> ^ 7 ^ r y b c i^Bf ^Mi^^ 

PkU' -A, PkU' -Bfimm-tf-fXTn^S' 
4f"sp-A, sp-B(;:Mt"l.^7-f ry bCOHf-^f 
ffli^^^a. SkU' -A, SkU' -Btimm-t?-- 
fxToA'-^ rsp-A, sp-B izM^th ^y^ry 

mmmmzf^mh:^^ff^i^i^^z\i. u^ttigs ku 

- A , S k U - B ^fflUT ^yAryVC c^)WMi)mh 

ti.. m.mmi3{znmm^ff^%^^^z\±. %mmm?> 
k p ^mv^x ^y-iryhc mm-WfihtLh . 

[ 0 0 3 7 ] ^coj; d ^rlStiEmT-tf-fx^x-f 

^-9-- fXTP^H ^" S P - A LT . 9y-iTyh 
C tOBf ^ffld.TfBii PkU' - A ^ Bf ^ffli.^lHaiiE0J»C 
ertU' -Aizmn-mXtm-fhtMZ^ ^iO-& 

mmp k u ' -Ai:f^nfzwmiom^^m^i'^7o . 

[00 38] ZC0tmB-tn^-r\SC0W-$l^zX ^ . V- 



^ffilg^Bf Wa^WPMC e r t U ' - At:^^ ^1 

h^mm^v,' -A^ffli^THf^-fbt, Bf^^bt/stt 

ii:. tf-fXTnA'^ ^-S P - A*^A>3Mftsn/i'[f|g^ 

tc. ^7^TybctcMtTfi^'fLW5R&^fa. 
[0039] ^^^rybcii. Mtff-9--^^'s*^ii> 

gUSkU' -ASfflUTfl^'fbt-l.o ;5LT.-9-- 

fxToA'-^ ^- s p - A*^ ^ 7 ry b c ^tottfg:^^ 

HjTIi: , tf - fxfm^^'-^-- fx 7°ny s'^ r S P - A 
i.nX\ThKhn)-^\,z-yv^XWf\LXV^m^ . fx 
t^ftj&^'tf- f X7°ny MfS,P-B{zi.-,X bti I. 

IIBJ»Ce r tU' -A.d.WPkU' -A 
c?){ti5t9t:^ixmCe r tU' -B. PkU' -Bts^ 
mv^i-jfl. ^f-fX7°^^S•-Y^■■S P-B*^/^tO'|ffg*i^ 

7^Tybctfeis§^. ^'x^rybc^Wiisk 
u' -B^m^x\m^\m\t-fi> . 

[ 0 0 4 0 ] i /s. MiaBf^^tMi. ^f-f xrnA- 
^ r s p - A , s p - B *i g#e^j tff 3 ; t x'^^th 
^htfix%. wmztmm\mmi. ^y^ryvc 
fm%mz'f^ och x'-m-fh c t ifx% i> „ 

ffMT1±, Sf^iiSkU' -A, SkU' -B^9yA 

ry b cT-«aL^< Tii^i^^. ^~\^y.mzm&m 

iS^'m\ztj:nXLt. o . fd-lL. K^^SkU' -A, 

SkU' -p,{znmhMmmmc&rt^^' - 

A, CertU' -B iOl=ai±iSiiEmf^f-^^'S t®E 

■^'^/^uzxmt^,^. ^h^h w%w%%mmu^'m 
^-tf- fx \zn L X <7ymm^'M%xh i> , 
[004 1 ] i fc. i2liE{ttT-9--^^'s^i^ 7 ^ ry b c 

^:ft;t)'^T1^-fX7°^7S■-Y^■■S p-A, S P-B*^i^ 

^ 7 ^ r y b isii ^ g ( t MH ( s k u - A , 

S k U - B I, U(± S k P J: I, g:^t^#i)jSi t cI i^g:^ 
<7)-if - f X 7°n A'-f ^- S P - A , SP-B ^<7)}Ifi5r 

t") \t. wMKm~y^'s,[zi.t^mm>\^\^' -a, 

PkU' -Bi7)ffijM*^A,^^^rybC(:J;|,'|fMM 
W:^l>-jloy-^yxj:Dmm.<&. feSi^ii:® 
fa^}1^7)^_^yx j; ^)fi^^B§.ifcOV^^^t^^f -oT J: 

[0042] [ mmmM(^ 3103 (i^^sjco® 3 

MficoffiJFJ t ^l>|g|iEmf-9--f X yxrAi^SfiE^ ^ 
t-7- n 'y ^ HT-J) I. „ *§ISfi^off^»J^olSf^ft^T^f- fx 

^xxAfi. mimmmc^nziiv^x. Bt^mwp 

kSP-A, Pk SP-Bt^^^-<ry bC^cOffiSfiT 
tC. ^'yyay^-C0^f^if^l\m^y>^ay^~C7)ft 

i I, T - ^ fo^Rg^ ^' 7 ^ r y b c (=M t T L . 
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^^^Z^tl^m^m^MmPkSP-A, PkSP- 
fg^^f-b■■XT^^S■-f ^-S P - A, S P -B^|S5I-ri> 
A ry bC t-tf-h"X7°nA'-f rs P- A, S P - BTbI 
[0 0 4 3] 113 tCfcV^T, SSkA, SSkB{±^^l 

^'ti^y-iry h c t^-n'xm^u fsp-Ars. 

^ TV b C t ^f- fXToA--^ ^'S P -Bmc^M^ 
jlftffl-fev>-3 y^-, SdSSKA, SdSSkB(± 
^ti^'tLm^mmm^ >- a SSkA, SSkB 

ffiSffl«SkU-A, SkU-B^fflV^T^^^r 

y b c t^isfiEMf 3 tMJEt-ii u^ioiii 
^tdi, s k p ^Mv^T ^yAry b coisiiE 

[ 0 0 4 4 ] i^t;, MimT-tf-fx^'XT 

Stt. ^7^7ybC *«t-|> fx t t T Mfl] 
tj:^- \L7.rTi)\A f&P- MM'^WkWmP k S P 
-K^9yATyVC[zm&-ti>'cMz. fffWiffl^r 

•7^3 y^- s s k K(7^>^^mMh hvAi^ vy^y^ 

-S S k Ai?)7Ut ^l>T-^ S d S S K Ai^^felSg^ft, 
i.WP k S P -K^n\^tz^ -y y 3 y^- S S k Atfe 
l>^^i±T-^ S d S S K AcOBf-^^LW*. fff-^^tStl^C 

\moymm-^i ^pyAryvckzn^^x'i^o. 
[004 5] z(I^mmx\'i^-r^^(mMz^ ^y 
^ryhcii., Bg-^aftffl-fev^-ay^-sskA^^ 

m-tl. ttz. ^yATyycM^ i^\zX-^XM'^v 
>- 3 y S S k Ai^TC t ^ I. T- ^' S d S S K A 

m-h. -eLT, ^^^rybcii:, ^r-z^-ay^-S 

S k Atfe|,V^(i;T-^ S d S SKA^i^^lflllP k S P- 

[0046] ISIimT^f-^^'S(i, ^y^ryvcfj^^ 

A ^-s p - A^feiit-i> tmz. 'mxhut'f-'p s 

d S S K A*^^.[Ii-§-fflfiffl-fe >y >- 3 y=^-S S k AiO^ 
Bg^tf-t'XTn^^-^ ^"S P - At:^LTM«t-|> o 
[0047] -tf-fX7°nA-^ rs P - Aii. IgfiEmT 

m^-^t h %&mm sksp-A^Mv^t fi^-rt l . .y 

>'3y=^-SSkA^jX#t~l>„ tJ^^, t?--t'X7°n7S' 

^ r s p - A{i, fgiIEmf■9--^■^■s*^^,^r -y 3 y^- 

S S k AtO^feESt^SsRSn/S*!^, ISfimf-9--A-S*^ 
^.MfiStl/ittfg&K^^S k SP-A^fflUTfl^-ft 
LT, T-^SdSSKA^K#LT, ;c^T-^Sd 
S S K Ai&^/^-fe 'y y 3 y^- S S k A &^)£-tl> o 

[0 0 4 8] vm. ^^^Ty^ct^?--h■■x7°^ys■^ 



^- s p - A rBii^?i*^toafito I ^T^^^ttfgi^^ 0 
t D*i'^tgt^:i>o ^^i?*., ^y^ryvct^^^- 

P-A^Wm^:mmi-lt§^, 9 yA 

ryycM. iSfit-<#'ifig*^-yy3y^-sskA 
mxm-> ^^W-^xmm-) fz^~ fx r 

SP-A(±. g#*i^t-|>^r-yy3y^-SSkA^ffl 

v^x>mk^''m\t-fh . 

[0049] --ys. ^~\lX7°VI}\A ^"S P - A;0^^>^ 

^-SP-Ati. Mit-<^ffifg^^r'yy3y^-ssk 
IgfiEmftf-^^'s ^^LTg(tKo/s^ 7^ r y b c 

fi:. S#*^'^t-|>^r-7^3y^-SSkA^fflMT'|f|g 

[00 50] ^aLT. :7^-f rybC*^A,tf-fXT 
nA'^ rs P-A^OffifgtO^^J^^. ^f-f XTnA- 

^rsp-A*^jij^7^Tybc /\toffi|gS}Mt;i5 \ ^x 
h .. imim^-rss^zwmmm^ z t m±t?^ 
it*i^tgt;ii>, iii±mMmmxu. -f-f 

xfm*^'-9--f XTny^-^ ^"S P - Ad oTtTi9ixl> 
Tpy s P - B j; X'€htilt§^Ui . 'Amm 

PkSP-A, -t'/y 3 y^-S SkA, T-^SdS 

SKAt^fti^Dt^^ix-e'ixPkSP-B, -fe'yy3ydf 

-SSkB. '|f|iSdSSKB^ifflV^^,tl. 9yATy 

b c*^A>tO'lf$S;&i-9--fxTnys'^ ^-'s P - B(;KM§ 

fl. ^~\LXm)\A y&P - Bi&ir-^ S d S S K B 

-y y 3 y^-s S k B ^>^^^h , 
[ 0 0 5 1 ] i/i. fflia^feRg^iR. Bf^-fbSsR, Bf^^b 

fxTny S P - A , S P - B g#Ei^j ttT 3 ; t 

[00 52] i/i, m-ttT^f-^-^'S;&i^ 7 ^ Ty b C 
\ZWh -5 T -tf- fXTP^ S P - A , S P - B ^5 

^ 7 ^ r y b isiiES g(t i>Mii ( %mmL s k u - a , 

S k U - B J) !> Ui± S k P t i; !> W:g<7)^Jj!£ t ; <7)g:g 
to-f - fx 7°ny s'-f ^- s P - A , s P - B ^iOlIfi^r 
f ) (i: , IgfimT-^--^ S H i I, i,^|f1® P k S P - A , 
P k s P - B 7)gSjM*^ A>-+?-- fx 7°ny s'-f r s P - A , 
sp-Bt;j;i>-f-yy3y^-ssk Aa^>^mz^h- 

3l7)y-^ryxj;DmOB#*, Hf^-fkSix^c^r-yyBy 
=3f-SSkA, SSkBtfe|,V^(iT-^SdSSKA, 
S d S S k B S-tf-f X7°n^S'-< rSP-A, SP-B 
t;ieMt-SB#*. S)l>Uii|rriB-3Stoy-^ryxJ; Of! 
t^B#.r&i7)v ^^^t;^f ^ T i J; I ^„ 
[00 53] [mM<^]BM<^4 ] 04 (i;*%B)5c7)||4 7) 

mmmm t ^:i.igiiEmf-9--f x yxxATj^Bg^^ 
t-7-n -y ^ iT-i) I. „ mmmMio i & 1. 1 ^(±Mfitoff:J 



(^ 2) )01-134534 (P2001-134534A) 



«J<7) 3 T1± . -If- fxrn^ S'-f S P - A , S P - B 60 
Bf-^ffli.^llFll|P kSP-A, PkSP-B ^it^iftO i 

o^zmm-ti^)^t\yormm^-ti. mm. imit 

n-f-^'^SI^Z^AmmPkSP-A, PkSP-BiO^liE 

[00 54] ^^:i9t5, im-i^rMmmmim-^-rss 

liXruJU r S P - A , S P - B^vcO'lf fg^lSliEmT 

IELV^i,^^1l|PkSP-A, PkSP-B^mv^THf^ 
itLX^-^fxrnrUf'SP-A, S P - B ^jMftt" 
!> fc V ^ 3 fi{^ Sr^f i , ISfIE«^f -9"-^ s t I 'If 

[ 0 0 5 5 ] *Slffit0JF^«JC0lSfiEmT-9--fX 
>-XTA{i, -tf-fxrnA'-^rsP-A, SP-Bt?) 

Bf Pksp-A, Pksp-B commiMMi 

tchi^ , ^' S ii , Bf ^ffli^^lflll p k S P - 

A, PkSP-BtittC. Bf ^ffli.^lBiiflE0J»C e r t 
SP-A, Ce r t SP-B^^^'-f TyfC^iE}I-t 

[0056] ^y 4 ry hcii. mm±mmm(^m. 

0J!»^-9"-f'-X7°nys--< r s P - A, S P -BUiiZim 

ira»C ertSP-A, CertSP-B ^±f5|gfiE 
^^IBiifra»Ce r t SP-A, CertSP-B 

LT V f 0 ^-comis.wmm ^ m vox 

h (Certificate Revocation List , lilT, CRLtf^ 
[00 57] tT, Hf^Mi.^lBiiPkSP-A, P 

k s p - B c7)itiiE ozt i^x^ I. o . mmx^i 
im-ii:mmi "pyAryvc kzwmth r_ t 

<Tj;i^*l^^i^v\ -'mz\t. ^yATy 

f c t -If - t'-XTn ^- S P - A , S P - B rBliOlX^ 

^(m.mz\% h '[f wstco I mm. L^mv^nK 
m-'mmmmz-)\^xmM.Lti:< xi^utuo*^^ 
fs^^ < . mmmmc^) i i> v 3 x+^x$, i> , 
[00 58] wma. mMim-^-^^s<DMmm 
^g^fgamT-tf-^ s ^zT^iEizr^^xtmmm?.^ 
i^zt-oxii. ^-■>ism-^Jciz^j:6mwr&t£m\ 
im-'mmmmi^zx^-mcoT^iEn^immth x^h 
mmm^m^ t^xht. t.fi. mmmmmi. ^ y 
Aryvc ti'^^kxmomm.^ ^'m\z'f^ a ^ t x'-^m 
hz'ci?x%h. 

[00 59] vm\mw%.(^ 51^5 \i-^wm% 5 en 



>'X-r-A(i. ||SMM601J)|,v^ii3tO>'X-r-Atcfe 
V^T, i.^lHiiPkSP-A, PkSP-B^ffll^TBf^ 

it^ti^ , ^yAry vci)-^t^,^~\L7.rvi)\A r s p 
-A, ^p -w^amwmmmhx . ^y-iry 

Y C tclSfimf-tf-A- s X'm\YM^X% t£V^X. o ti:mx 
cOlIliEttlg^M* L . ; c7)|SiiEfflffi^lSliEftff-tf-v ^' S 

f^-tf- \lX7°vi)\A ^-SP-A, SP-B ^teiS L 
X. -tf-fxTnA'-^ rsp-A, SP-Bf^^-^r 

[0060] USti^l^^T. A, Bii-etl-ftl-tf-fX 

TnA-^:^-sp-A, sp-Bt:^^jE-ri>^7-fryh 
c i^fgiiE'if igT-s, h %%m.m^~i s ii . Bf ^ffli^^Pfi 
iiPksp-A, Pk sp-B^^7-f ry bctiejS 

^c^i^^mUPkSP-A, PkSP-B^ffi 

-> tiwrnmrnA , b ost ^-ft^^R ^^^yAryycAzn 

hX'iio., 

[006 1 ] "^yAryVCM. -if-t'"X7°ny^'-f^"S 
P - A^Mfit-<# ffifg^ i^^lBii PkSP-A^ffll^T 
n'^itth ^t:. 'kXmP k S P - A SrMv ^TfgiiE'lf # 

%A^mm.mm.(n 1 i)i>^^i±3T«t/-cffitottfgt 

b C(i:, -tf-f'XTnA-^ ^--'s P - B^j^ft^^^'lf |g 

^'mm.p k s p - B srffl^^THf ^^Lt-s^t, 'mm 

P k S P - B ^fflV^TlSliEffiffi {)^7.V- F ) B ^ Bf^ 
\t L , Z(rym^\'C^f\.fMmm B &IIJ4i^ff^»Ji^ 1 

hv^\±3xw^htdmmky-^\znm.mi^->^^'^ 

[0062] -f-b-XTnA'-^^-SP-A, SP-B 

m 9yA ry yct-c^Mmtiwmmi^-'^^kzx 
->x%:mKfz%mmm o . z. mm.^m'^mim 

iiSkSP-A, SkSP-B^fflV^Tfl^-fbLT, IS 
tlffilgA, B^jXf#^|,, ^LT. -ff-fXTnA'^r 
SP-A, SP-Btt. fgllffifgA, P>^mz'?yAr 

yvcoMWi'ilo „ 

[ 0 0 6 3 ] i 3 LT . mmm^-r^^tf^yATy 
b c 19 1-* t-i t &K<-i t , irriar^mif 2 

#i^KS'if igs k PT-^ 7^ ry MgiiE&g(t/i t LT 

C;. -tf-bXTPA'-^rSP-A, SP-B(±, ^'X-^ 
ry b CcOiSWiE;&^-^tgT-\ ;&^o|giiEmT-9--^-^'S*i 

^x^rybct^^D^^^^t^RjC^ia^WLTv^ 

[0064] ISIiEfttf-tf-A-S^fflV^|,flJ*i?)-o(i:. 

^yAry vcxm-mummmm^wy^^h z 
b xh ht-^^. ^mmmm.xmmmmA , b nmt 
mf^-^ s xmm t T V ^ I, i t bt<T c> to t 
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ii. SJ@'lf#SkU-A, SkU-Bj)|,l^(i;SkP^ 

^'-'SP-A, SP-B {zMh IbT^y-iry him^: 
[0 0 6 5] ^-i^vtxv-F^Kil^l. 

[00 66] [ mMffMM<7} 6 ] El 6 6 

^mxhh. S6^^7I^t-lSfIEmf^?--A■si±. Mfitoj^j 

«J(7) 1 - 5 c?)ig|iEmT-9"- fx ^Xr A ^ g|J|-tl> (?) 

[ 0 0 6 7 ] , immn^~-><sfj^^y-(ry h c 

l/Zith -5 T-^f- f;?,7°n ^- s P - A , SP-Bti^i^ 

^y-tTyhmM^:mmmimmitm2iou^x'Ai 

0 , S k P IS'li^ 1 0 St^'C e r t P IS'li^s 1 

UiT^mx-m. #*S»3c0^55;TlTa*4^ai:. S 
kU-AiS'llffSSyc e r t U-Af £'11119 ii^^T 

[0068] SkU-P iB'itl 1 (i . MfiEmf -9--^ ^' S 

t^y-iryvc ma^umzmv^ h fz^ommwik s k 

U - P ^ IBM L . C e r t U - PfEMti 2 i±. ffi^ffifg 
S k U - P tMJC t /SflEHJ* C e r t U - P ^IBg t T 
V^I>o K-#[flgSkU-PttiEHJ*Ce r tU-Pt 

[00 69] SkU-PltflEts3(i. ^7^TybC*^ 
i^3Ift§ixSgft^M 1 4 fgmS^i/sKSffilgS k U 
-p. II0fl»Ce r tU-P, &|,V^{i:i}^ffi$gSkU 
-PtfPJ!»Ce r tU-PtSrKt:, SkU-PfE'lf 
Hmt^'Ce r tU-Pia'itl2&#{ELT. ^7^7 

ybCio|gfiE^ff3„ sku-p|^iiEti3i±. 
^^yAryvc amm'^ t ^finimmmm s k 
u-Pi^MJtES^#5«t-i>; ^^^ryfcofg 

[00 70] s p - Ai,T«iE®^4 mnm^kfm 

PkSP-A, PkSP-B (PkU' -A, PkU' 

- B ) mm L , s p - A-'mmmmc r i.tm^ 5 

SP-A, CertSP-B (CertU' -A, Ce 
rtU' -B) C^CRL^IE'liL, S P - A±f4ig|iEii 

tm Lx\-^t. m'^m'jkmm t c r l t MMimMc^!k 



mmmm t t xTPA-^ ^- s p - a , s p 
-Bmztimtixv^h. 

[007 1 ] S P i.^lH»fiE0J»l^iiEtl Hi. S P - Ai.^ 

iB(if Eeti4 . s p - A{kmmm.mmc r l ie'IH 5 & 

t^- S P - A±fiigiiEMi.^r?piaiiEBH»IE'g^ 6 ^#53 L 

Tl^^rl^*\ H^Wi. CRL^K#t-S^Sfc. ±f4 

[0072] SkU - AlEMtiS , K^ttfgS k U - 
A, SkU-B^IE'lit, Ce r tU-A|E'it5 9(i, 

%mMm sku-A, sku-B ^zn^xiLfztmmc e 

rtU-A, Ce r tU-B&iE'itTV^|,„ if^'lffi 
SkU-A, SkU-BtlPMCe r tU-A, Ce 
rtU-Btii. ^-tf-fxrnA'-^^-SP-A, SP 

- Btts.y#^ 7^ ry h ctttiE'is^Ti^i) „ 

[0073] S k PlE'li^ 1 0(i. ff-A'S 
'If ffiS k P ^IB'liL. Cert PlB'ltH 1 1 \i. IBS'lf 
|g S k P tcMJSE L/SliEHJ»C e r t P &f E'i LTl ^ I, , 
S^^feSSttil 2{i:. FJtjECOfflfijt^K^UfgSkU- 
A, SkU-Bj)|>l,^{iSkP^fflV^TBf-t'fbL/'^?^ 
^^fefiSL, ;c^W^^3igmgMl4^^LT-9--fX 
TPA'^^-SP-A, SP-B^5lifi-ri=„ iw^izX-> 
Xli. g^^R^tll 2{i. MfEg^titt^ilEHJtfCe r 
tU-A, Ce r tU-Bj)^V^(i;Ce r t P^-tf-h" 
XTnA'-^ ^^--SP-A, SP-B ^ilff-ri) „ 

[0074] mmmm 1 3 i±. mmmmc^) 1 - 5 x- 

fiMgl4{i:. ^^'yh^^-^iitLX^y-fTyhCR 
t/'-tf-fXTn^'-f :^"SP-A, SP-Bt gMSti, 

^y-^ryy- c&rf^-^zxr^^u ^sp-a, s p 

- B t corsximcom'$im'€ 0 . 

[ 0 0 7 5 ] -^mmmmx-\i. ^y-iryvu 
ut Lx^kmmm^mmLfzmmi^^zi. 1, ^,^7)^® 
■^Lxv^htsK WMJiMzx-',x\im^'^^m2. s 
k u - pim.m . Rmmmc e r t mmm^ 5 , 
6, 9, 1 iitT-'tmz^j:^. mtii. j^xv-mm 
xi±Mm9i±'mm< . tfzm^^is.mi2i^'m^j: 

[0076] i;i±coX 0 mmim^-r^sii, Ay 9 
^^BrtLAN^^i^^ y^-^-y h^fJAii^-y hV- 

v-^xr- ^-ny. v^-y-^/^3yt°JI.-^', /i— 

[0077] [ mmmMio 7 ] h 7 a^^tmcom 1 
mmmm. tii>^7^Tyhc toSfi!t&^t-7-n -y ^ 
HT- !> o H 7 [z^-f ^y^ryvcii. mmcommco 
i-scoMMBW^-fx^^xTM^irmmt^ijioxh 



(^4) )01-134534 (P2001-134534A) 



mm. mmmM(^ 3 com^ut^ y >■ a y^-'k^/ 
mwmmf^ y b y^-^zxmmt/mmm 

[ 0 0 7 8 ] 19 . mm(rmm.(^)2mw)m^^z\i. 
s k u ' - AiESti 2 6 mfm.n^ 2 7 (i^^T-* o . 
mmc^mm.c^3]:m(^i^^{z\i. ssk^feR£#i2 8. s 

S k-B#iB'lilff 2 9. S d S S K^fiSits 3 0 Mfm'^it 

/m^im3 1 0 , iisfiioff^»ji04iii^hio±i 

SPi.^|BiiiP^»CRLfEeti3 2. SP±f4 
l2liEi^i.T?FllliiE0l1*IB'm 3 3 &t^- S P i.^rfp1^iiE0f5»l^ 
iiE§g3 4(i;^ST-J)l>o 

[0079] sku-p iS'ltl 2 1 {± , fgie-^c^f -9--^ ^' 
st^^y-tryhc mcommzm^^ i fzibcomm'\m 

SkU-P^IB'ftL. Ce r tU-PlE'lill2 2(i:. ffi 

mwm s k u - p izMBLmmmc e r t u - p a 

tlM»C e r t U - P ^fgfiEmf-9--A-S^iSfit- 

[0080] S Pi.Tff1l|-B#|EM^2 4 {i, WttT^f 
-A- S ii,}IfiS iljI^fi^M 3 6 T-^fi§ tl^cHf ^ffl 

i. ^BBiiPkSP-A, PkSP-B^lE'liLTV^|,„ Bg 
^im2 5li. ii^Bf^m^lBiiPkSP-A, PkS 
P-B Srffll^T'[f#t^Bf^^tSr^fl\ Bf^jtS^i/iffilg 

[0081] s k u ' - AiB'iiiff 2 6 ii., mnmmm 

SkU' -A, SkU' -B^|B'liLTV^I.o ^OHf-^ 
ffl»«ii{±. #-9--fXTnys-^^-SP-A, SP-B 

mzmm^tixv^h. fi^^2 7(i:, igfimT-r-A-s 
^)-^mm^tim?iimm3 e T^m^titzmmm^m 
mmnskij- -a, sku' -Bim^xm^-it^ 

[0 0 82] SSk^kfi£||2 8(±, Bf ^Mffffl^r ^ 3 
y^-SSkA, SSkB^4)iScL, S S k-B^fE'lf:^ 
29i±, ^i^Hf^amM^r-y^Hydf-SSkA, SS 
kB^fS'lf-tli, SdSSK^Ji!ttl3 0{i. -fe-y^^gy 
df-SSkA, SSkB(7)7t;i;^'^T-^'SdSSK 
A, S d S S k B Sr^J5g-ri. o 

[0083] m^it/m^<tZ3 1 li. mm-t'^^mm 

^-b'y v-H y^-S SkA, S S k B ^MV^TBt-^-fL 

L. m^^t^tifzwmim'^mmm3 e utiximK 

ii. imm^f^--'<si^^mm^tim^mmm3 6x^ 
m$tLfz. mmt^tirzwrn^^y^-By^-ssk 



A, sskBim^^xmmtt^. 

[0084] s p mmmmmc r L$mM 32ii.m 

^mWPkSP-A, PkSP-BtcMJEt-|>i.^lB 
iiiPJ»C e r t SP-A, C e r t S P - BtOC RL 
^IBML, S P±f4igliEi^i^^r?piaiiE0MIE'gll3 3 ii, 

±mitm(^){iimmmMitin ix^-^i. cRLti. 

P-A, SP-Btet:iE'[i$ixTV^I.„ 
[0085] SPi.^gBaiI0fl»^iiEti34{i. sp^m 

mm.m9c r L^mm 32ms p^mmmmmm. 

0J»fEMti3 3^#EBLT. fgiiEmf^f-A'S*^tf,Mfi 

$tim^mmm3 ex^m^tLfzEi^mmmp k s p 
-A, Pksp-Boi^iiE^^Ta„ mixim^ 

I. 

[0 086] Atii*SM3 Sii. ^ 5^ Ty h C^OfiJffl 

[ 0 0 8 7 ] . ^mmmm^z^\-^x h . mmm 
s s {znth ^y^ryh immmammm^if 

55;^S5e L T V ^ I, *\ iSliE^itt: J; o T ii^^^g t I. 
01fW#St-|>„ lil±tOj:ai^7^7yh^MC(i. 
y^°-y-^;^^yt°JL-^'J:^oy7 h^xTt LTSIig§ 

{ I C^- K ) ^ftOS^^rVs'^ ^±-t-||J|t-|> ; t 

[0088]Mi.H\ SkU-PiB'lll2 1. Ce rt 

u-piB'g^2 2mm^'kf&Z2 3mmi^-?-h 

/^^^mg*fii/-c::jyt"^-^, mfSSS)Sl^(i^r 
-y h b 'y 'y ^ X^O^^fIgM^:^tfc^i:l, ^ t mm 
Xh^. SkU-PiESti2K Ce r tU-PlE'lils 

2 2 2 3 cost g ti^^zsp i^mm-mi 

2 4 mm^im 2 5 c^mm ix-^-hA-vizn 
fz^. m ^ comm^mmmmmtz^i z t h^mxh 

[0089] [ mmmM(o 8 ] h 8 . h 9 nt^mMco 
mscomm mm t !> i siift^f - ^'x^-xf-M.com 
i-^iffk-ty-^ymxh^. :^mmmmm.umi 
^?--t■x^x-fAii. mmmM(^)5xtmLfzy7.r- 
A & ^-y b y-^ T f V himm-t-j^'smm^ tu^y 
hizmmLtzi,c^x%i. 

[ 0 0 9 0 ] i ; T\ ^-y b ^ T f 'y h imm^ 

tLXli, SET (Online PIN Extension^#tf ) J^|> 
l^(±S E C E ^^.SgLTV^I. , ^-y b V-^t f.y b?* 

mm^. m^m. ^mmmy-v^^^cr)3^ 
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7bT-J)l>, lift, MaStiTi^l,-9--AWIS^=r^ 

mmmm^ ( p i n ) ^tf-ys-^^ ^ hoijit^i. 

^ b rslT-Bf ^-fk L/S t LT i . Jn5lJgt:3Iflt- 

[ 0 0 9 1 ] ^^T-. mmmm<^5TmmLfz>'XT 

A S < i^y^ryhCt MMiW-^-^ ^TbI 

coimm) vhh. 

[0 0 9 2] ST, astcTKt-iat;, mmmncA 

-¥i:^y-<TyhC^zmXlX. "^vATyVCOy^ 

^kv^^^'py^mth. wmm^tM^mih^mA^ 
rn^m- Yr^xv- Y^xn^h h . mt^-r\K S 
r y b cti, isiiE-+?--A-A s {znLx^-\^xu^'A y 

[00 93] -tf-h-XWI, -if-ys-^ t ^ V f S W*^ 

P GW t ^0^B1T"HffS^0MMbM^I&^f o . 
[0 0 94] <>K><Z^ |I|9(C^^t"J;at:, ^~r\^t\yy 
bSWii. □®[f#tPGWi,Tff1ll (Bf^ffli^^maPk 
SP-A, PkSP-BtfflS) fc^t?)ffi£?)ffifg ( SE 
T/SECETliP I He a d ) i; ^ 7-1' T y b 

iSfit-^. wffl^ii. p I N (BffiE#^. ^t£hhmm 

tA^J-tl)„ SET/SECET1±. PAND 

at atB?imi>fIiit=. P I nhhVAiP I NiOT- 

^'7Ary\-c{zi6\^xm:?i~txh. 

[ 0 0 9 5 ] ^ LT. PI N'Iffgfi, ^?--h■■X7°^A■^ 

yxhhm^i-^-j\PGW{z(7}^m'mL. t v 
■y b '&^\znLx\mm.-fhfz.^\z^ ^y-iryy-c^z 

iS^-^XP I NMilBf-^T-^H (PIHead + PAN 
Data) . H (PANData) . E (PkPGW, 
PANData + K) &ltl:-tl>„ ZZXC^m () 
-yi^A^l^m^S^L, E {) liRSAmU^r^-t. 

A-pGWt:iIji,^S„ 



[0096] -^-^^^tlyyhSWti'i^M^AJSM^ffm 

^iz-?\^^xi±. m'^(^)^yAryhc^}^^(^)njc. hh 

[0097] ^ixtJ; igffPffiP I N(itf-A-^^ 

\y hmm^xnmmmmb^j:^ . mnnmp i Nm 

^5Tl.yx^^ili^^^§^i:l.^t;^)^T■■^l>„ S/i. MIS 

M*«^&p I N^zXnxmmmM-ti^mh-jz. 

^ztci. tcti. :^mmmmxu. tmn-tn^-rsmi 
fnitc^^f^^c^^y^ryhtM^m. M^mtm^i^ 
<m(^m:ic^zi±^w.iM i^j:v^^t mm t ^ t v ^ 

[0 0 9 8] tfz. :^mmmmxu. mmuix-? 

-hA~VMi^L. ^y-!ryhtV--r^^yi-]yyh 
S„ SSL (Secure Sockets Layer) "f— ^^'ISflE. 

/iff«-co s s \.mmm.^nv^x a*?^ w l*^ 
-mzim-hmmtax-^- vt-v mm-ti> ; t 

"9, Mt^iltfPiSP I N*ifiJffl#to^a5XT-ft!lA 

(i. p I nfm<nmm\ihL)i^x^-\-t-Ynx 

[0099] mmmmio 9 1 s i o n^wmm 9 

^-fy-^yxmxhh,. ^mkm%mmxm~ 
fx yxr mmmmc^) 5 ximitz yxr^ ^ 

^-y bV-^rf.y b?^^St:i5(tl>^f-^^'WaS^*U' 

[0 100] HI oxi±, ^y^ryhct-^- 
^^^tu-y V swmc^immt'y-^yxm^^'r^iz^ 

sECE^:i;i:i5UT(i;, mMtmmim:^WMM 
{zmt-tmm^zmmm^s t-*^ ^.w^^SBt tis^^ 

mmzmmHzmt l , w^gigiiEMti ; c^istt^^ 

mismtm^izi. m:^ffmm:mnxv^h z. t t5ri> 

< . ^mmmsimmcoi^:^'y^ti:t'himxno) . 
[0101] mm-f-^^'mMm^tiyy hxu. mm 
mmco 8 k MzwMmmmim^(o^~r^^ tuy 
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[0 1 0 2] -e^T-. mmmm<^5'zwMifz>'y^T 

- A'^ :r P h s w{± , i to * it» t c c Ai^^lBii 

{Hf^miBiiPkSP-A, PkSP-Bt;fflii) ^ 

[0103] mmii.. mMm&mm^-^:^y^ rv 
fctA^t-i>, 'p'yAryYcM. zam^'mimm. 
c c K^mmmv^x l , at ^{t^ix/itt 

[0104] WMtmmc C A{±, -f-A'^ :r I- -y b S 

c c A ii . mmm ^ ^^tv^v^ w^^im^ i> » 

[0105] m±c7) j; d ii^|:#5EBf fiE#^^Hf ^-fk 

mim<tzmz\i. WM-m&mm'^i.zMix'^') t)v 
^nts:mmffmizm^j:hmm^\mmz-^^h z. t 

9nm^'jkm^tix\-^isEc^\m^zm^mmm 
mc c At^stgtijniT . w^istiEi^Bf ^jtmffi^at: 

i !> W^gf^SgHf liE*^cOfM^'fl:Stg*««ISIiEi^C C A 
[0106] imM'^MMff} 1 0 ] HI 1 1 , El 1 2 (i* 

fz'^x^^iss Limcoimim^-r\t ixmrnt 
tz i^ff^xh h „ ifmmmmii. s s i^mmmm o 
h<DXh D , m^itriid'u xm±r s A^iSsttTv^ 

[0107] ^^^ryhtss Ltf-A-c7)rBiT-\ t^e* 
c?) s s LisiiE^ff d ^ 5 ^ r y b ijffl^oiiE 

0. fflffl^coK^'if«w;(i::ixb ■ vx.^mfmo 
zhf?^u(Dx\ nm^mm'mm^x% U3vy-ts:< 

i\ ^XiO S S LMIiE&ISfiEmf^f-A-Tif i^itl. b i 



L-tf-A't ^ 5^ ry ^^B^^o^a^^lsfHt^T■9--A■T■■ 
[ 0 1 0 8 ] -t^T-. mmmm<^ 3 ^as^s t , s 

S L tf-y-N- 1 ^ ^ ^ r y b rslT-So , IBSfffgcOTU t ^ 

STUVX^-^'-^'b'-y bS.t^VX^->'-^^-y b 

(Dfkmz-j UTtt^^^ryb TiTi9ii: , T U ^ - 
^- ^ -y b t:oV ttfgliEft^T-if-^ !> ; t ^^X" 

5 1:, 3iffB#t:(±s s L-f-j^(^{iimmxim 

-fbL, ISfiEmf-t?--A-t;fe}It-|. „ ^/-c, SSL-9--A- 

t-(^M^$tLi^' ryy-comnz-jv^xii. ^ct^v 

Ai^:uXYi9yAry\~ Xi¥f^ L , WMiXm-^ ^z 

teii L , mmxm-^ ^mm^mmmxm^ ^ m 

Lothzuzx^. wMim^-j^zmm^m 
rn'mmumti^^ ; t ^ < , s s i.mm.m^ bt^h,. 

[ 0 1 0 9 ] lilT. *SI5W^«Jt0^x-rAtoK){1:^H 

1 K HI 2^mv^x%mth„ m\ wzmx. 
at, WM^AM c^-b^^7^Tybctt¥AL. 
^- bA°xy- b& A^t-l. t . IMmf^f-A-stc j; 

0 T I C ^ - b tO|g|iE*%i9ix !> „ IgfiEf^ . 9yAry 
bC(i, MfiEmf-9--A-st:MtT^f-b-xn^-^ y^ 

[0110] ^~\L7.mm. wmxm~y'<^\i. s 
sL^f-y•^■tc7)^B^T■■FJf^E^^MlWI^^Ta„ uz^ m 
1 2 tcTKt" i 3 , A- s{±, ^^^ryb 

CtMLT^^-f ry b=¥- (Client Key) ^g^-fl. 

t fttc , vmm ( Bi^ffli.^iBii p k s p - A , p 
ksp-Bt:ffli) ^"py-iryycy^Mtth.. 
[0111] ry bci±. TUvx^-y-^b- 

-yb (r-^SdSSKA, SdSSkBtffli)^^ 

s^iifit-i>, i3tT, ^-ivmmxm'^Wififz 

7°y-7Xy-y-^b"y b/&^'SSL1?--A-(;:jIii,ix|,, 

^^^rybcii. ryvx^-y-^b-yb 
^»:vx^->'-^b'-y bS^lSLT, ciiovx^- 
y-^b-y btMLTA.yy^jii:&^fv\ iWN-yy 

[0112] lilii^J; at:, S S L|giiEt:ii(t§(3t ^ 

fi^gp^^ ^ mmxm~f ^ s tit a ; t -b^x %htf. u 
mxm-^ ^ s \>zn Lxmmimm\>z Lxattzv^w^ 
^]-T-$)i.7°yvx^'-y-^b"y b, vx^'-y-^b- 

-y b^^feJ5!ct-|.iE^H:':)V^Tii:, ISfiEmT-tf-A-s^^ii, 

^£:'^'lffg^4iii ^ t 19 , ^ ry b cr^fefigT- 

[0113] ISilEmf^?-- 

A- s s s L tf- A- 1 toam ^T^-cmti^Dt-i-o H 

1 2{Zikt rp i n i s he dj y A T y V 

c izm^ i 1 1 J; 0 . Mij\^xc^M^imm mwm 
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^< , s s L-tf-^^'t ^y-!ry hcmTmmmmT 

hi. 

[0 1 14] 

M y^m.^m t , ^ ^ ^ 7 y b -t- fx 

Tn^s'^ ^"^M^jimt-^^ 'If #^Bf ^ffli^W^fflv ^ 

[0 1 1 5] m-^;^f^?--ABg*\ fmm- 

A ry vmmM^WkwmwkL . ^?--b■■xT^A' 
^ fmm.ii^h'§:\m-^tMmt%fitM%^';yA ry 
vm/^mi^. ^~\^y.rTi)'<Ar^mK 9yAr 
y v'm/^mt-f^<^mmm^^'mm^\ -^x st ^ 

fit. ^7^rybSM;&\ MliEmf^?--A■gM;^)^^i,g 
(tlx-:. /iHf ^-fbS Bf ^ffla^a^ffll ^Tfl^ 

[0 1 1 6] S/S, IStiEmT-9--A-^M*^, FJtao-tf- 
f xtiJ^jE L^c-9--f xrn AW ^"^McOBf ^ffli^^^m 

i^yA7yhmm'<Emi. ^yAryy^mij^^^^ 
mmi^ . -t- fx <A ^-mm t (orscomwMim-^ 

■y 3 y^-J) !> V ; io-fe -y >- 3 y =^ -iOTc t ^: !> T 

-^^4fiScL. ^:-7y3y^-$)I.V^(i:T-^^Hf^ffl 
^3iftt-^ ^ ^ 7 3 y ^ - ^ ffl Hf ^-ffc L , 

^l:LT^r-y>'3y=^-&Eff L. 3^l>l^{i:Bf^fflif^il 

/?,4r.y>'3y^-&^fefi£t/-cft. ry bgg^il 
^it-<^ffifg^^2•y^3y=^-^ffll^TBf^{tt. zco 



ry bggt-f-f xrnA-^ ^MrES^o?J{^^^o 

[ 0 1 1 7 ] i/i, igliEfttT-9--A-^M*^, Bf^ffli,^Pf1 

mzm^m'jkmmM.mm^:im ^yAryhmm 

fj\ Bf^Mi.W^fflv^/SHf^'ft^ffdmt:. MliEmf 

[0 1 18] i/s. ^'yATyymm^y. mmt^no 

^?--fX7°^A■^r^M*^ fl^-fb^^f IS 

immm. ^mz^? y a ryv mwowM ^ 5 is 
-^'gg^i^ 7 ^ 7 y h mmzts: o t-^ t-; t 
&B5<-i t ^^x-t . § t^\>zmm.\xm~r^^m.m^^^ 

[MfOffi^ilFJ] 

m\\ ^^wm% 1 commmm t * i> iMmf -9- 

-f x^-XrAofifiJc^^^^^n -y ^Hf-fel. o 

[02] *%0jc7)m 2 (Dmmmm ttci imixn-f 

-f Xv-XrAtoSfiic^Tnt-^'n -y ?'0T-S)l> „ 

[ H 3 ] *%0jco^ 3 commmm ttci imiw-^ 

-f X>'XxAt?)|iRJc^^t-7-n -y „ 

[04 ] ^m(^m4mmmmttcumim^ 

-f Xv-XxAiOffRJc^^t-^'n -y ^'0T-S)l. „ 

[05] ^%mcom 5 commmm t * i> isiimf -9- 

-f x^-XrAofifiic^^^^^n -y ^0f*l> o 

[06] *ii0ji^m 6 commmm t ^ i> 1^11^7-9- 

-A-ga(?)«RES:7K^7-n -y ^0T-S)l> , 

[07] :^?%mcom7(nmmmMt^j:i^yAry 
h mmcomf^ ^ ^t-r mx h h . 
[08] im^mm s commmm t i> imm^ 
-fx v-x xAt?)ijfis ^^t-v— ^ yX0T-$) I. „ 
[09] *%0jio^ 8 commmm t 1. isiimf -9- 

- f X ^-x rAoijil^ ^ ^ yx0T-fe I. „ 

[010] *ig0Hom 9 i^^tftioffijtj t ^ !> mmxn 

fx y X f-i. ifj^t^—yymxhl. 
[011] *^0Hom 1 0 commmm tt^h mmi 

ff-tf- f X ^Xf- ^^-r ^-^r y X 0t'$> I. o 

[012] if%moym 1 0 (^mmmm t^^h mmi 
f X ^xx ^^t- ^-^^ y X 0T-fe s „ 

[013] ^*<7)^X7'A6OlM&^-t7"n-y^0T- 
[014] ^*iOi-Xxi^iOffiiO(^J^7S-r7-n'y^0 
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[ s 1 6 ] immm i ffm^^^m-rr^ y ^ m-c-h 
[017] m^nm 2 mi&i:^^-tr^ ■/ ^ mrh 



-A, SP-B---t?--fX7°nA'-Y^"^M„ 




[02] 
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[03] 




(SO) ) 0 1 
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1 ) )0 1 
[H7] 
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[08] 



AS sw 



AS;teBE+^--^<c^7•:^^'7>^-gaft^T■»-/^lB©bl^Iffl) 
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[H9] 



AS SW 



pjS««,PGWfiM)i,^fflfi![(SBr/SECE-eiinHead) : 



[^10] 



SW 



Ci:SWg)EB('>-»>;t^tlS) 
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[HI 1] 



Saver FTe1ln,T>nM 



ClknlK<!yit3R+H-/^ailie 



: ciifflit&y(»7-f7:/Ko±iaLfeaii) ; 



keDat» | 



OieatCertiflcatel 



(©4 ) ) 0 1 
[H13] 
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SkU-A| 



SkU-B I 
OlT[ 



SP-A 



SP-B 



SP-A 




5) )0 1 
[015] 
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*H ^bB (72) mm m\ 

F:J'-A(##) 5B085 AE13 AE23 AE29 BG07 
S^aS^ftfflK^^HT-TB 1S6^ X 5B089 GA19 GA21 JA32 JB22 KA17 

^ ■ ■ ■ ^-^r-^gyXS KB13 KC58 KH30 



